CyberSecurityBoard
Sponsor Register Login

Mitsubishi Electric Electrical Discharge Machines

RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service condition on the products.
Remote code execution vulnerability due to Microsoft Message Queuing service on Microsoft Windows exists in electrical discharge machines.
CVE-2023-21554 has been assigned to this vulnerability.
A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is.
MITIGATIONS. Mitsubishi Electric recommends that users install the latest update.
For information about how to install the update program, please contact your local service center.
Mitsubishi Electric recommends taking the mitigations listed below to minimize the risk of exploitation of this vulnerability.
For specific update instructions and additional details refer to Mitsubishi Electric advisory 2023-022.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.
Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.
Gov/ics in the technical information paper, ICS-TIP-12-146-01B-Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability) has been reported to CISA at this time.


This Cyber News was published on www.cisa.gov. Publication date: Tue, 20 Feb 2024 17:13:07 +0000


Cyber News related to Mitsubishi Electric Electrical Discharge Machines

CVE-2022-25155 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
1 year ago
CVE-2022-25157 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
1 year ago
CVE-2022-25158 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
2 years ago
CVE-2022-25156 - Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric ...
1 year ago
CVE-2021-20609 - Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
1 year ago
CVE-2021-20610 - Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions ...
1 year ago
CVE-2021-20611 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
1 year ago
CVE-2022-25159 - Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, ...
2 years ago
CVE-2022-25160 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
2 years ago
CVE-2022-40267 - Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x32,64,80, yT,R, zES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi ...
1 year ago
CVE-2022-24946 - Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi ...
2 years ago
CVE-2022-25161 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x32,64,80, yT,R, zES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series ...
2 years ago
CVE-2022-25162 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x32,64,80, yT,R, zES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series ...
2 years ago
Mitsubishi Electric Electrical Discharge Machines - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service condition on the products. Remote code execution ...
8 months ago Cisa.gov
CVE-2022-33324 - Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware ...
4 months ago
Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations - Two potentially serious vulnerabilities have been found in factory automation products made by Japanese electronics and electrical equipment manufacturing firm Mitsubishi Electric. In an advisory published last week, Mitsubishi Electric said several ...
9 months ago Securityweek.com
Energy giant Schneider Electric hit by Cactus ransomware attack - Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. BleepingComputer has learned that the ransomware attack hit the ...
9 months ago Bleepingcomputer.com
CVE-2022-33321 - Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air ...
1 year ago
Nozomi Networks Secures $100M Investment to Defend Critical Infrastructure - SAN FRANCISCO, March 13, 2024 - Nozomi Networks Inc. today announced a $100 million Series E funding round to help accelerate innovative cyber defenses and expand cost-efficient go-to-market expansion globally. This latest round includes investments ...
7 months ago Darkreading.com
CVE-2022-33322 - Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric ...
1 year ago
Mitsubishi Electric FA Engineering Software Products - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow a malicious attacker to disclose information in the affected products. For the correspondence table of the affected products and each vulnerability, refer to Mitsubishi ...
11 months ago Cisa.gov
ICONICS and Mitsubishi Electric Products - RISK EVALUATION. Successful exploitation of these vulnerabilities could result in denial of service, improper privilege management, or potentially remote code execution. A denial-of-service vulnerability due to an allocation of resources without ...
4 months ago Cisa.gov
The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world - While I don't own a Tesla, I am now more invested in following the various ways attackers can take advantage of the connectivity of electric cars. They're all Wi-Fi connected so drivers can control the charging speed and timing of their cars, monitor ...
9 months ago Blog.talosintelligence.com
Cisco and Schneider Electric Are Creating Smarter, More Efficient Buildings - Whether your organization owns commercial property, leases it, or manages it, you're likely to be grappling with industry trends and challenges that call on your best efforts-and the innovative application of technology. The need to reduce energy ...
9 months ago Feedpress.me
CVE-2021-20607 - Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)