ICSA-21-294-03  ·  Published 2021-10-21

ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could trigger a stack overflow.

CVEs (1)

Remediations

  • ICONICS and Mitsubishi Electric are releasing Critical Fix Rollup packages or patches that will include the solution to this vulnerability. GENESIS64 Versions 10.97.1 and later will not be vulnerable to this exploit.
  • Place control system networks and devices behind firewalls to isolate them from the business network.
  • Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.
  • Do not click web links or open unsolicited attachments in e-mail messages.
  • Leverage OPC UA security and certificates to ensure ICONICS products only connect to trusted OPC UA servers and clients.
  • Install the applicable Critical Fixes Rollup, if available.
  • ICONICS provides information and useful links related to its security updates at its company website.
  • Mitsubishi Electric provides information and useful links related to its security updates at its company website.

Affected Vendors

ICONICS, Mitsubishi Electric

Affected Products (5)

ICONICS, Mitsubishi Electric · MobileHMI <= 10.97
ICONICS, Mitsubishi Electric · AnalytiX <= 10.97
ICONICS, Mitsubishi Electric · GENESIS64 <= 10.97
ICONICS, Mitsubishi Electric · MC Works64 <= 4.04E
ICONICS, Mitsubishi Electric · Hyper Historian <= 10.97

Affected Sectors

Multiple Sectors
