Security News > 2022 > December > CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

The U.S. Cybersecurity and Infrastructure Security Agency this week released an Industrial Control Systems advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software.

"Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency said.

"Engineering software represents a critical component in the security chain of industrial controllers," the company said.

"Should any vulnerabilities arise in them, adversaries may abuse them to ultimately compromise the managed devices and the supervised industrial process."

The disclosure comes as CISA revealed details of a denial-of-service vulnerability in Mitsubishi Electric MELSEC iQ-R Series that stems from a lack of proper input validation.

In a related development, the cybersecurity agency further outlined three issues impacting Remote Compact Controller 972 from Horner Automation, the most critical of which could lead to remote code execution or cause a DoS condition.

News URL

http://thehackernews.com/2022/12/cisa-warns-of-multiple-critical.html