ICSA-22-055-02 · Published 2022-02-24 · View on CISA ICS-CERT ↗

Mitsubishi Electric EcoWebServerIII

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow information to be disclosed, tampered with, or result in a denial-of-service condition.

CVE-2016-10735 CVE-2018-14040 CVE-2018-14042

MES3-255C-EN: Update to v3.3.1 or later
MES3-255C-DM-EN: Update to v3.3.1 or later
MES3-255C-CN: Update to v3.3.1 or later
MES3-255C-DM-CN: Update to v3.3.1 or later
To update, users of the affected versions should refer to the user manual chapter “4.8.6 Version up of Main Program” (Setting). The manual and Setting Software for EcoWebServerIII are available to download on the MITSUBISHI ELECTRIC FA Global Website.
Use a firewall, a virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
Use within a LAN and block access from untrusted networks and hosts through firewalls.
For specific update instructions and additional details see the Mitsubishi Electric advisory.

Mitsubishi Electric

Mitsubishi Electric · MES3-255C-CN >= 3.0.0 | <= 3.3.0

Mitsubishi Electric · MES3-255C-DM-CN >= 3.0.0 | <= 3.3.0

Mitsubishi Electric · MES3-255C-DM-EN >= 3.0.0 | <= 3.3.0

Mitsubishi Electric · MES3-255C-EN >= 3.0.0 | <= 3.3.0

Critical Manufacturing

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.