Security News > 2021 > July > Several Vulnerabilities Patched in 'MDT AutoSave' Industrial Automation Product
Industrial automation solutions provider MDT Software has patched several critical and high-severity vulnerabilities in its flagship product, MDT AutoSave.
MDT AutoSave is an automation change management solution that provides backup, version control, historical tracking, user permission, audit trail, change detection, and disaster recovery capabilities for a wider range of industrial control systems, including PLC, CNC, SCADA, HMI, robots, drives, and welders.
Researchers at industrial cybersecurity firm Claroty discovered that MDT AutoSave is affected by seven types of vulnerabilities, including two rated critical and five rated high severity.
Sharon Brizinov, who leads the Vulnerability Research Team at Claroty, told SecurityWeek that an attacker needs network access to the MDT AutoSave server in order to exploit the vulnerabilities.
According to CISA, the high-severity vulnerabilities can allow an attacker to break encryption and gain access to the system, replace legitimate files with malicious files, execute malicious files, and obtain sensitive information.
The flaws affect MDT AutoSave versions 6.x and 7.x, and AutoSave for System Platform versions 4 and 5.0.