Security News > 2022 > December > CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
The U.S. Cybersecurity and Infrastructure Security Agency this week released an Industrial Control Systems advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software.
"Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency said.
"Engineering software represents a critical component in the security chain of industrial controllers," the company said.
"Should any vulnerabilities arise in them, adversaries may abuse them to ultimately compromise the managed devices and the supervised industrial process."
The disclosure comes as CISA revealed details of a denial-of-service vulnerability in Mitsubishi Electric MELSEC iQ-R Series that stems from a lack of proper input validation.
In a related development, the cybersecurity agency further outlined three issues impacting Remote Compact Controller 972 from Horner Automation, the most critical of which could lead to remote code execution or cause a DoS condition.
News URL
https://thehackernews.com/2022/12/cisa-warns-of-multiple-critical.html
Related news
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical vulnerabilities persist in high-risk sectors (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
Related vendor
VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
Mitsubishi | 92 | 0 | 0 | 8 | 1 | 9 |