This updated advisory is a follow-up to the advisory update titled ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation Products that was published November 01, 2022. It is important to note that successful exploitation of these vulnerabilities could lead to a denial-of-service condition or enable arbitrary code execution. CVE-2022-0778 and CVE-2022-1292 have been assigned to these vulnerabilities, with a CVSS v3 base score of 7.5 and 9.8 respectively. Mitsubishi Electric has released the fixed firmware for these issues and recommends users update affected products to Version 09 or later. It is also recommended that users ensure the OPC UA Client is updated to the latest version and to use legitimate certificates on the OPC UA Client side. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. Additionally, CISA provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. No known public exploits specifically target these vulnerabilities. CISA encourages users to provide feedback about this product.
This Cyber News was published on us-cert.cisa.gov. Publication date: Thu, 02 Feb 2023 17:44:03 +0000