Tuesday, September 1, 2020

1 Advisory Published – 9-1-20


Today the CISA NCCIC-ICS published a control system security advisory for products from Mitsubishi.

Mitsubishi Advisory


This advisory describes a predictable exact value from previous values vulnerability in multiple products from Mitsubishi. The vulnerability was reported by Ta-Lun Yen of TXOne IoT/ICS Security Research Labs via the Zero Day Initiative. Mitsubishi provides generic mitigation measures for the vulnerability and provides new versions that mitigate the vulnerability is some of the listed products.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to hijack TCP sessions and allow remote command execution.

NOTE: NCCIC-ICS did not provide a link to the Mitsubishi advisory.

No comments:

 
/* Use this with templates/template-twocol.html */