Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

ICS-CERT Warns of Mitsubishi MX SCADA Vulnerability

ICS-CERT has issued a warning this week after vulnerability details concerning Mitsubishi’s MX Component started to gain attention online.

The MX Component is an Active X control library that supports all communication paths from the PC to the PLC. Last month, a researcher released Proof-of-Concept code that would enable an attacker to open a shell on port 5500.

ICS-CERT has issued a warning this week after vulnerability details concerning Mitsubishi’s MX Component started to gain attention online.

The MX Component is an Active X control library that supports all communication paths from the PC to the PLC. Last month, a researcher released Proof-of-Concept code that would enable an attacker to open a shell on port 5500.

The targeted DLL file (ActUWzd.dll) was shipped with CitectScada (now known as Schneider Electric) products, but it is unknown if it is still used. However, older installations will be vulnerable.

Critical Infrastructure Security

“ICS-CERT is aware of a public report of a heap-based buffer overflow vulnerability with proof-of-concept (PoC) exploit code affecting Mitsubishi MX, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product,” the CERT advisory (PDF) explains. 

“According to this report, the vulnerability is exploitable when an attacker provides specially crafted input. This report was released without coordination with either the vendor or ICS-CERT. ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations.”

Currently, there is no fix available and Mitsubishi hasn’t issued any statements regarding the CERT advisory. The code itself, and additional details on the vulnerability can be seen here.

The OSVDB summary is here.

It is unknown if the vulnerability details have been used in an attack. ICS-CERT advises that organizations minimize network exposure for all control systems, and ensure that remote access to devices that must be connected to a network be properly secured.

Advertisement. Scroll to continue reading.

Related Reading: Critical Infrastructure is the New Battleground for Cyber Security

Related Reading: SCADA Honeypots Shed Light on Attacks Against Critical Infrastructure

Related ReadingPutting SCADA Protection on the Radar

Related Reading: ICS-CERT Examines 3 Years of Data to Reveal Common Vulnerabilities for Critical Asset Owners

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.