ICSA-20-170-02 · Published 2020-06-18 · View on CISA ICS-CERT ↗

Mitsubishi Electric MC Works64, MC Works32

CVSS 9.4 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering.

CVEs (5)

CVE-2020-12011 CVE-2020-12015 CVE-2020-12009 CVE-2020-12013 CVE-2020-12007

Remediations

Mitsubishi Electric recommends updating to the latest software version or applying security patches.
Users can get the installer of the latest software version or security patches in one of the following ways: Download the latest software versions from the MC Works Vulnerability Information website.
Users can get the installer of the latest software version or security patches in one of the following ways: Contact a Mitsubishi Electric representative.
For more information about these vulnerabilities and related workarounds, see the MC Works Vulnerability Information website.

Affected Vendors

Mitsubishi Electric

Affected Products (2)

Mitsubishi Electric · MC Works32 Version 3.00A (aka Version 9.50.255.02)

Mitsubishi Electric · MC Works64 <= Version 4.02C (aka <= Version 10.95.208.31)

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more