February 5, 2024 at 06:06PM
Mitsubishi Electric identified high-severity authentication bypass and critical remote code execution vulnerabilities in several factory automation products. The impacted products include EZSocket, FR Configurator2, GT Designer3, GX and MT Works, MELSOFT Navigator, and MX. The company advised users to implement cybersecurity measures while it works on patches and released advisories in collaboration with CISA.
From the meeting notes, here are the key takeaways:
– Mitsubishi Electric has reported two serious vulnerabilities in its factory automation (FA) products, including an authentication bypass and a remote code execution vulnerability.
– The impacted products include EZSocket, FR Configurator2, GT Designer3, GX and MT Works, MELSOFT Navigator, and MX.
– The company has not released patches for these vulnerabilities and is advising users to implement general cybersecurity measures to reduce the risk of exploitation.
– The vulnerabilities could be exploited directly from the internet, potentially allowing attackers high-privileged access to engineering workstations.
– The US security agency CISA has also published advisories to inform industrial organizations about these vulnerabilities.
– Mitsubishi Electric has demonstrated a commitment to addressing vulnerabilities in its products, as evidenced by the release of a high number of security advisories last year.
If you need additional information or if there are specific actions you would like to take based on this information, please let me know.