Mitsubishi Electric MELSOFT iQ AppPortal

Risk Summary

Successful exploitation of these vulnerabilities could allow a malicious attacker to make unidentified impacts such as authentication bypass, information disclosure, denial-of-service, or bypass IP address authentication.

CVEs (2)

Remediations

• Mitsubishi Electric recommends downloading and applying update version 1.32J or later software.
• Disable mod_proxy and mod_proxy_ajp in the VisualSVN Server settings if possible.
• When a PC with the product installed needs access to the internet, use a firewall or virtual private network (VPN), etc. to prevent unauthorized access.
• Use a PC with the product installed within a local area network (LAN) and use a firewall, etc. to minimize connection to the network and restrict access only from trusted networks and hosts.
• Minimize user privilege for the product users.
• Install antivirus software on the computer where the product is used.
• Users should contact Mitsubishi Electric for assistance, if needed.
• For specific update instructions and additional details see the Mitsubishi Electric advisory.

Affected Vendors

Affected Products (1)

Affected Sectors

Critical Manufacturing