ICSA-23-334-04
·
Published 2023-11-30
·
View on CISA ICS-CERT ↗
Mitsubishi Electric FA Engineering Software Products
CVSS 7.8
HIGH
Risk Summary
Successful exploitation of this vulnerability could allow a malicious attacker to execute malicious code by tricking legitimate users to open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service condition.
CVEs (1)
Remediations
- Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting this vulnerability:
- Install antivirus software in computers using the affected product.
- Use computers with the affected product within the LAN and block remote login from untrusted networks, hosts, and users.
- When connecting computers with the affected product to the Internet, use a firewall, virtual private network (VPN), etc., to prevent unauthorized access, and allow only trusted users to remote login.
- Don't open untrusted files or click untrusted links.
- For additional information see Mitsubishi Electric advisory 2023-016.
Affected Vendors
Mitsubishi Electric
Affected Products (4)
Mitsubishi Electric
·
GX Works3
vers:all/*
Mitsubishi Electric
·
MELSOFT iQ AppPortal
vers:all/*
Mitsubishi Electric
·
MELSOFT Navigator
vers:all/*
Mitsubishi Electric
·
Motion Control Setting (Software packaged with GX Works3)
vers:all/*
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more