Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to cause a temporary denial-of service (DoS) condition in the web service on the product.

CVEs (1)

Remediations

• Mitsubishi Electric recommends users to update to the fixed versions by following the steps below.
• Fixed versions:
• CC-Link IE TSN Industrial Managed Switch NZ2MHG-TSNT8F2: Version "06" or later
• CC-Link IE TSN Industrial Managed Switch NZ2MHG-TSNT4: Version "06" or later
• Update steps:
• Contact your local Mitsubishi Electric representative to obtain the fixed firmware version file for CC-Link IE TSN Industrial Managed Switch.
• After logging into NZ2MHG-TSNT8F2 or NZ2MHG-TSNT4 through the web interface, update the firmware to the fixed firmware version file mentioned in the above 1 by the function of [System] -> [System Management] -> [Firmware Upgrade] from Function menu. For the detailed procedures, please refer to "CC-Link IE TSN Industrial Managed Switch User's Manual (SH-082449ENG)".
• Mitsubishi Electric recommends that customers take the following mitigations to minimize the risk of exploiting this vulnerability:
• When internet access is required, use a virtual private network (VPN) or other means to prevent unauthorized access.
• Use the products within a LAN and block access from untrusted networks and hosts.
• Restrict physical access to the product and your computer and network equipment on the same network.
• After you log into NZ2MHG-TSNT8F2 or NZ2MHG-TSNT4 through the web interface, change user name and password from default setting at [Account Management] displayed on the function menu. Also, set the proper access permissions for the users.
• For additional information see Mitsubishi Electric advisory 2024-002

Affected Vendors

Affected Products (2)

Affected Sectors

Critical Manufacturing