Security News > 2022 > December > CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

The U.S. Cybersecurity and Infrastructure Security Agency this week released an Industrial Control Systems advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software.
"Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency said.
"Engineering software represents a critical component in the security chain of industrial controllers," the company said.
"Should any vulnerabilities arise in them, adversaries may abuse them to ultimately compromise the managed devices and the supervised industrial process."
The disclosure comes as CISA revealed details of a denial-of-service vulnerability in Mitsubishi Electric MELSEC iQ-R Series that stems from a lack of proper input validation.
In a related development, the cybersecurity agency further outlined three issues impacting Remote Compact Controller 972 from Horner Automation, the most critical of which could lead to remote code execution or cause a DoS condition.
News URL
http://thehackernews.com/2022/12/cisa-warns-of-multiple-critical.html
Related news
- CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List (source)
- CISA tags Windows, Cisco vulnerabilities as actively exploited (source)
- CISA Identifies Five New Vulnerabilities Currently Being Exploited (source)
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
Related vendor
VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
Mitsubishi | 92 | 0 | 0 | 8 | 1 | 9 |