Security Experts:

ICS-CERT Warns of Mitsubishi MX SCADA Vulnerability

ICS-CERT has issued a warning this week after vulnerability details concerning Mitsubishi’s MX Component started to gain attention online.

The MX Component is an Active X control library that supports all communication paths from the PC to the PLC. Last month, a researcher released Proof-of-Concept code that would enable an attacker to open a shell on port 5500.

The targeted DLL file (ActUWzd.dll) was shipped with CitectScada (now known as Schneider Electric) products, but it is unknown if it is still used. However, older installations will be vulnerable.

Critical Infrastructure Security

“ICS-CERT is aware of a public report of a heap-based buffer overflow vulnerability with proof-of-concept (PoC) exploit code affecting Mitsubishi MX, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product,” the CERT advisory (PDF) explains. 

“According to this report, the vulnerability is exploitable when an attacker provides specially crafted input. This report was released without coordination with either the vendor or ICS-CERT. ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations.”

Currently, there is no fix available and Mitsubishi hasn’t issued any statements regarding the CERT advisory. The code itself, and additional details on the vulnerability can be seen here.

The OSVDB summary is here.

It is unknown if the vulnerability details have been used in an attack. ICS-CERT advises that organizations minimize network exposure for all control systems, and ensure that remote access to devices that must be connected to a network be properly secured.

Related Reading: Critical Infrastructure is the New Battleground for Cyber Security

Related Reading: SCADA Honeypots Shed Light on Attacks Against Critical Infrastructure

Related ReadingPutting SCADA Protection on the Radar

Related Reading: ICS-CERT Examines 3 Years of Data to Reveal Common Vulnerabilities for Critical Asset Owners

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.