ICSA-22-132-02 · Published 2022-05-12 · View on CISA ICS-CERT ↗

Mitsubishi Electric MELSOFT iQ AppPortal

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could result in a denial-of-service condition, malicious program execution, information disclosure, information tampering, or authentication bypass.

CVEs (8)

CVE-2020-13938 CVE-2021-26691 CVE-2021-34798 CVE-2021-3711 CVE-2021-44790 CVE-2022-22720 CVE-2022-23943 CVE-2022-0778

Remediations

Update to 1.29F or later. Unzip the downloaded file (zip format) and execute the file “setup.exe.”
Restrict network access to the computer running this product so it can be accessed only from trusted networks or hosts.
Minimize user privilege for product users.
Install an antivirus software in the personal computer that runs this product.
Please follow the safety precautions in the operating manual for the product.
For more information see Mitsubishi Electric's advisory 2022-003

Affected Vendors

Mitsubishi Electric

Affected Products (1)

Mitsubishi Electric · MELSOFT iQ AppPortal (SW1DND-IQAPL-M) >= 1.00A | <= 1.26C

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more