ICSA-22-347-01  ·  Published 2022-12-13

ICONICS and Mitsubishi Electric Products

CVSS 6.3 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to write arbitrary files.

CVEs (1)

Remediations

  • ICONICS and Mitsubishi Electric recommend updating the ICONICS Suite software with the latest security patches when available (login required). Security updates are released as critical fixes or rollup releases.
  • Locate control system networks and devices behind firewalls and isolate them from untrusted networks and hosts.
  • Minimize network exposure for all control system devices. Control system devices should not directly face the internet.
  • Avoid clicking on web links in emails or opening email attachments from untrusted sources.
  • Only unpack files received from trusted sources.
  • Protect and encrypt Pack&Go packages with a password to prevent modifications by untrustworthy users.
  • Avoid unpacking a Pack&Go package file using a relative path (Note: this would show in the Workbench UI).
  • Users should refer to the ICONICS whitepaper on security vulnerabilities for information on security update availability.
  • Refer to the Mitsubishi Electric advisory for further details and instructions for determining installed versions.

Affected Vendors

ICONICS, Mitsubishi Electric

Affected Products (2)

ICONICS, Mitsubishi Electric · ICONICS Product Suite >= 10.96 | <= 10.97.2
ICONICS, Mitsubishi Electric · ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI >= v10.96 | < v10.97.2

Affected Sectors

Critical Manufacturing
