ICSA-21-350-05  ·  Published 2021-12-16

Mitsubishi Electric FA Engineering Software (Update B)

CVSS 5.5 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities may cause a denial-of-service condition.

Remediations

  • GX Works2: Version 1.610L or later
  • MELSOFT Navigator: Version 2.86Q or later
  • EZSocket: Version 5.5 or later. Mitsubishi Electric will provide the fixed version of EZSocket directly to the partner companies.
  • Mitsubishi Electric has included the following directions for users looking to update to the fixed software version:
      • Unzip the downloaded file (zip format).
      • Execute the file “setup.exe” located in the unzipped folder and install it.
  • Ensure malicious attackers cannot access project files that are stored on your computer/server via an untrusted network or host.
  • Install antivirus software on the personal computer running the software.
  • Do not open project files from untrusted sources, such as those attached to e-mail sent from an untrusted sender.
  • Execute the procedure below for GX Works2 project files read from PLC via the “Batch Read” function of MELSOFT Navigator or EZSocket:
      • With GX Works2 1.610L or later, open the project file that is read from PLC via the “Batch Read” function of MELSOFT Navigator or EZSocket.
      • Enable the option [Enable the security check for the project] ([Options] -> [Project] -> [Common Setting]) and save the project.
  • For specific update instructions and additional details, see the Mitsubishi Electric advisory.

Affected Vendors

Mitsubishi Electric

Affected Products (3)

Mitsubishi Electric · EZSocket <= 5.4
Mitsubishi Electric · GX Works2 <= 1.606G
Mitsubishi Electric · MELSOFT Navigator <= 2.84N

Affected Sectors

Critical Manufacturing
