Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch (Update A)

Risk Summary

Successful exploitation of these vulnerabilities could result in disclosure of information stored in the product by sending specially crafted packets or could cause a denial-of service (DoS) condition by getting a legitimate user to import a specially crafted certificate.

CVEs (2)

Remediations

• Mitsubishi Electric recommends the following:
• Update CC-Link IE TSN Industrial Managed Switch NZ2MHG-TSNT8F2 and NZ2MHG-TSNT4 to firmware version 06 or later
• For specific update instructions and additional details see Mitsubishi Electric advisory 2023-011.
• Additionally, Mitsubishi Electric recommends that customers take the following mitigations to minimize the risk of exploitation of these vulnerabilities:
• When Internet access is required, use a virtual private network (VPN) or other means to prevent unauthorized access.
• Use the products within a LAN and block access from untrusted networks and hosts.
• Restrict physical access to your computer and network equipment on the same network.
• After you log into NZ2MHG-TSNT8F2 or NZ2MHG-TSNT4 with the web interface, change user name and password from default setting at [Account Management] displayed on the function menu. Also, set the proper access permissions for the users.

Affected Vendors

Affected Products (2)

Affected Sectors

Critical Manufacturing