Security News > 2022 > December > CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
The U.S. Cybersecurity and Infrastructure Security Agency this week released an Industrial Control Systems advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software.
"Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency said.
"Engineering software represents a critical component in the security chain of industrial controllers," the company said.
"Should any vulnerabilities arise in them, adversaries may abuse them to ultimately compromise the managed devices and the supervised industrial process."
The disclosure comes as CISA revealed details of a denial-of-service vulnerability in Mitsubishi Electric MELSEC iQ-R Series that stems from a lack of proper input validation.
In a related development, the cybersecurity agency further outlined three issues impacting Remote Compact Controller 972 from Horner Automation, the most critical of which could lead to remote code execution or cause a DoS condition.
News URL
http://thehackernews.com/2022/12/cisa-warns-of-multiple-critical.html
Related news
- Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! (source)
- Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) (source)
- Web-based PLC malware: A new potential threat to critical infrastructure (source)
- Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (source)
- PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) (source)
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
- CISA urges software devs to weed out SQL injection vulnerabilities (source)