


Firmware Vulnerability in Mitsubishi Electric

May 22, 2019 / Kacy Zurkus

A vulnerability in Mitsubishi Electric’s MELSEC-Q Series Ethernet Module could allow a remote attacker to gain escalated privileges, according to an ICS-CERT advisory.

Reported by Nozomi Networks, the vulnerability “could allow an attacker to render the PLC’s state in fault mode, requiring a cold restart for recovering the system and/or doing privilege escalation or executing arbitrary code in the context of the affected system of the workstation engineering software,” said Nozomi Networks co-founder and CTO Moreno Carullo.

On May 21, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an ICS-CERT Advisory (ICSA-19-141-0s), noting that the uncontrolled resource consumption vulnerability was exploitable remotely and required a low skill level to exploit. “Organizations that may be potentially impacted can implement the following National Cybersecurity and Communications Integration Center (NCCIC) ...