Two potentially serious vulnerabilities have been found in factory automation products made by Japanese electronics and electrical equipment manufacturing firm Mitsubishi Electric.
In an advisory published last week, Mitsubishi Electric said several factory automation products are impacted by a high-severity authentication bypass and a critical remote code execution vulnerability.
Users of the impacted products have been advised to implement general cybersecurity measures to reduce the risk of exploitation.
Reid Wightman, vulnerability analyst at industrial cybersecurity firm Dragos, who has been credited with reporting the issues to Mitsubishi, told SecurityWeek that the flaws could be exploited directly from the internet, but it's unclear if any systems are directly accessible from the web.
Engineering workstations have been used as an initial access vector in many attacks aimed at organizations with industrial control systems and other operational technology environments.
The US security agency CISA has also published an advisory to inform industrial organizations about these vulnerabilities.
On the same day, Mitsubishi and CISA also published advisories describing another authentication bypass issue, one affecting MELSEC WS series Ethernet interface modules.
This flaw only has a severity rating of 'medium' because exploitation involves a man-in-the-middle attack.
It's worth noting that Mitsubishi Electric appears to be putting a lot of effort into addressing vulnerabilities found in its products.
The company released 36 security advisories last year, and a high number of advisories is typically an indicator that the company takes vulnerability reports seriously.
This Cyber News was published on www.securityweek.com. Publication date: Mon, 05 Feb 2024 18:43:03 +0000