"Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations"

Mitsubishi Electric recently announced that two potentially serious vulnerabilities have been found in their factory automation products.  Mitsubishi Electric said several factory automation (FA) products are impacted by a high-severity authentication bypass and a critical remote code execution vulnerability.  Impacted products include EZSocket, FR Configurator2, GT Designer3, GX and MT Works, MELSOFT Navigator, and MX.  The company noted that a remote unauthenticated attacker may be able to bypass authentication by sending specially crafted packets and connect to the products illegally (CVE-2023-6942).  Furthermore, the company noted that the attacker may be able to execute a malicious code by remotely calling a function with a path to a malicious library while connected to the products (CVE-2023-6943).  As a result, unauthorized users may disclose, tamper with, destroy, or delete information in the products or cause a denial-of-service (DoS) condition on the products.  The company has yet to release patches.  Users of the impacted products have been advised to implement general cybersecurity measures to reduce the risk of exploitation. 

SecurityWeek reports: "Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations"