ICSA-11-279-02  ·  Published 2025-06-09

CitectSCADA and Mitsubishi MX4 SCADA Batch Server Buffer Overflow

CVSS 4.6 MEDIUM

CVEs (1)

Remediations

  • A notification about this vulnerability is available on the Schneider Electric website (http://www.citect.com/citectscada-batch).
  • Schneider Electric has made mitigation recommendations to customers using affected products based on their implementation and use of the Batch product.
  • Schneider Electric advises these users to contact Schneider for details on how to migrate to the new Batch platform. The BatchUninstaller is available here: (http://www.citect.com/citectscada-batchuninstaller).
  • Schneider Electric recommends these users run the CitectSCADA Batch Uninstaller to uninstall the Batch component, thereby eliminating the risk. The CitectSCADA Batch Uninstaller is available here: (http://www.citect.com/citectscada-batch).
  • Mitsubishi Electric Europe B.V. is contacting customers who have purchased an MX4 BATCH license and will work both with the customer and Schneider Electric to ensure they are not at risk from this vulnerability.
  • Mitsubishi Electric Europe B.V. has released a notification about this vulnerability on the Mitsubishi website (http://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=safety&scat=2&sstr=MX4,SCADA).
  • Mitsubishi recommends that users who may have installed the MX4SCADA but are not using the MX4Batch engine (CitectSCADA Batch engine) remove this module by using the uninstaller provided on their website: (http://www.mitsubishi-automation.com) > Download > Product Safety Notice. Alternatively, the uninstaller can be obtained from Schneider Electric’s website (http://www.citect.com/citectscada-batch-uninstaller).
  • MX4 Batch users should contact their local Mitsubishi Electric Europe B.V. representative to discuss upgrading to a new version of the Batch platform or alternatively moving to a non-PC-based batch system such as Mitsubishi Electric Europe B.V.’s C Batch.
  • Mitsubishi Electric can be contacted at (mailto:[email protected]) for further assistance.

Affected Vendors

Schneider Electric

Affected Products (2)

Schneider Electric · Schneider Electric CitectSCADA using the CitectSCADA Batch Server module <=V7.10
Schneider Electric · Mitsubishi MX4 SCADA using the MX4 SCADA Batch module <=V7.10
