Wednesday, May 22, 2013

ICS-CERT Closes Mitsubishi Alert

Late Monday afternoon the DHS ICS-CERT published a new advisory for the Mitsubishi MX Component that closed the book on the alert for that equipment that was issued last month. Both documents address an ActiveX buffer overflow vulnerability that was discovered by Derek Betker and  Dr Ide, who published exploit code for the vulnerability on the web site.

ICS-CERT reports that a moderately skilled attacker could remotely exploit this vulnerability to execute a DOS attack or executing arbitrary code. Mitsubishi recommends upgrading the equipment to MX Component version 4.3 which is not affected by this vulnerability.

No comments:

/* Use this with templates/template-twocol.html */