Today the CISA NCCIC-ICS published a control system security
advisory for products from Mitsubishi.
Mitsubishi Advisory
This advisory
describes a predictable exact value from previous values vulnerability in
multiple products from Mitsubishi. The vulnerability was reported by Ta-Lun Yen
of TXOne IoT/ICS Security Research Labs via the Zero Day Initiative. Mitsubishi
provides generic mitigation measures for the vulnerability and provides new
versions that mitigate the vulnerability is some of the listed products.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to hijack TCP sessions and allow
remote command execution.
NOTE: NCCIC-ICS did not provide a link to the Mitsubishi
advisory.
Posts
No comments:
Post a Comment