Security News > 2022 > December > CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
The U.S. Cybersecurity and Infrastructure Security Agency this week released an Industrial Control Systems advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software.
"Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency said.
"Engineering software represents a critical component in the security chain of industrial controllers," the company said.
"Should any vulnerabilities arise in them, adversaries may abuse them to ultimately compromise the managed devices and the supervised industrial process."
The disclosure comes as CISA revealed details of a denial-of-service vulnerability in Mitsubishi Electric MELSEC iQ-R Series that stems from a lack of proper input validation.
In a related development, the cybersecurity agency further outlined three issues impacting Remote Compact Controller 972 from Horner Automation, the most critical of which could lead to remote code execution or cause a DoS condition.
News URL
https://thehackernews.com/2022/12/cisa-warns-of-multiple-critical.html
Related news
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
Related vendor
| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Mitsubishi | 92 | 0 | 0 | 8 | 1 | 9 |