Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations

Two potentially serious vulnerabilities have been found in factory automation products made by Japanese electronics and electrical equipment manufacturing firm Mitsubishi Electric.
In an advisory published last week, Mitsubishi Electric said several factory automation, products are impacted by a high-severity authentication bypass and a critical remote code execution vulnerability.
Users of the impacted products have been advised to implement general cybersecurity measures to reduce the risk of exploitation.
Reid Wightman, vulnerability analyst at industrial cybersecurity firm Dragos, who has been credited with reporting the issues to Mitsubishi, told SecurityWeek that the flaws could be exploited directly from the internet, but it's unclear if any systems are directly accessible from the web.
Engineering workstations have been used as an initial access vector in many attacks aimed at organizations with industrial control systems and other operational technology environments.
The US security agency CISA has also published an advisory to inform industrial organizations about these vulnerabilities.
On the same day, Mitsubishi and CISA also published advisories describing another authentication bypass issue, one affecting MELSEC WS series Ethernet interface modules.
This flaw only has a severity rating of 'medium' because exploitation involves a man-in-the-middle attack.
It's worth noting that Mitsubishi Electric appears to be putting a lot of effort into addressing vulnerabilities found in its products.
The company last year released 36 security advisories and a high number of advisories is typically an indicator that the company takes vulnerability reports seriously.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 05 Feb 2024 18:43:03 +0000


Cyber News related to Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations

CVE-2022-25155 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
1 year ago
CVE-2022-25157 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
1 year ago
CVE-2022-25158 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
2 years ago
CVE-2022-25156 - Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric ...
1 year ago
CVE-2021-20609 - Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
1 year ago
CVE-2021-20610 - Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions ...
1 year ago
CVE-2021-20611 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
1 year ago
CVE-2022-25159 - Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, ...
2 years ago
CVE-2022-25160 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
2 years ago
CVE-2022-40267 - Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x32,64,80, yT,R, zES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi ...
1 year ago
CVE-2022-24946 - Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi ...
2 years ago
Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations - Two potentially serious vulnerabilities have been found in factory automation products made by Japanese electronics and electrical equipment manufacturing firm Mitsubishi Electric. In an advisory published last week, Mitsubishi Electric said several ...
9 months ago Securityweek.com
CVE-2022-25161 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x32,64,80, yT,R, zES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series ...
2 years ago
CVE-2022-25162 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x32,64,80, yT,R, zES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series ...
2 years ago
Social Engineering Attacks: Tactics and Prevention - Social engineering attacks have become a significant concern in today's digital landscape, posing serious risks to the security and sensitive information of individuals and organizations. By comprehending these tactics and implementing preventive ...
9 months ago Securityzap.com
Social Engineering: The Art of Human Hacking - Social engineering exploits this vulnerability by manipulating human psychology and emotions to gain unauthorized access to systems and data. Rather than directly breaking cyber defenses, social engineering tactics exploit human vulnerabilities - ...
11 months ago Offsec.com
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
11 months ago Cisa.gov
CVE-2022-33324 - Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware ...
4 months ago
Energy-Efficient Home Automation: Saving the Planet and Your Wallet - Home automation solutions offer an array of benefits, from improved convenience to decreased energy bills. This article will explore the types of home automation systems available, as well as their cost and potential for energy efficiency. The ...
11 months ago Securityzap.com
Home Automation for All: Enabling Independence - As technology advances, home automation provides a sense of empowerment for elderly and disabled individuals. Home automation for the elderly and disabled reduces dependence on others and promotes independence in the home environment. Home automation ...
11 months ago Securityzap.com
Energy giant Schneider Electric hit by Cactus ransomware attack - Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. BleepingComputer has learned that the ransomware attack hit the ...
9 months ago Bleepingcomputer.com
CVE-2022-33321 - Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air ...
1 year ago
How to Get Started With Security Automation: Consider the Top Use Cases Within Your Industry - As the cybersecurity industry has matured, so has the approach security teams take to making decisions about investing in security tools. Instead of focusing on the latest product or technology, security professionals are focused on use cases such as ...
10 months ago Securityweek.com
How software engineering will evolve in 2024 - From artificial intelligence and digital twin technologies, to platform engineering rooted in devops principles, to chaos engineering techniques that enhance resilience, to the expanded use of internal developer portals that boost productivity, ...
10 months ago Infoworld.com
AI and Automation - In recent years, developments in artificial intelligence and automation technology have drastically reshaped application security. On one hand, the progress in AI and automation has strengthened security mechanisms, reduced reaction times, and ...
11 months ago Feeds.dzone.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)