Review – 4 Advisories Published – 7-3-25

Today CISA’s NCCIC-ICS published four control system security advisories for products from Mitsubishi (2) and Hitachi Energy (2).

Advisories

Mitsubishi Advisory #1 - This advisory describes an overly restrictive account lockout mechanism vulnerability in the Mitsubishi MELSEC iQ-F Series programable controllers.

Mitsubishi Advisory #2 - This advisory discusses two vulnerabilities {one of which is listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog} in the Mitsubishi MELSOFT Update Manager.

Hitachi Energy Advisory #1 - This advisory describes five vulnerabilities in their MicroSCADA X SYS600 product.

Hitachi Energy Advisory #2 - This advisory describes an improper check for unusual or exceptional conditions vulnerability in the Hitachi Energy Relion 670/650 and SAM600-IO series devices.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-7-3-25 - subscription required.