ICSA-21-294-01
·
Published 2021-10-21
·
View on CISA ICS-CERT ↗
ICONICS GENESIS64 and Mitsubishi Electric MC Works64
CVSS 7.8
HIGH
Risk Summary
Successful exploitation of these vulnerabilities may result in remote code execution.
CVEs (2)
Remediations
- ICONICS and Mitsubishi Electric are releasing Critical Fix Rollups or patches for these products. GENESIS64 Version 10.97.1 and later will not be vulnerable to this exploit.
- Use a firewall. Place control system networks and devices behind firewalls and isolate them from the business network.
- Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.
- Do not click web links or open unsolicited attachments in email messages.
- When importing any AutoCad DWG file, make sure it is known to come from a trusted source.
- Install the applicable Critical Fix Rollup, when available.
- ICONICS provides information and useful links related to its security updates at its company website.
- Mitsubishi Electric provides information and useful links related to this security update at its company website.
Affected Vendors
ICONICS, Mitsubishi Electric
Affected Products (2)
ICONICS, Mitsubishi Electric
·
GENESIS64
<= 10.97
ICONICS, Mitsubishi Electric
·
MC Works64
<= 4.04E
Affected Sectors
Multiple including Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more