Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations

Critical and high-severity Mitsubishi Electric Factory Automation vulnerabilities can allow privileged access to engineering workstations. 

Two potentially serious vulnerabilities have been found in factory automation products made by Japanese electronics and electrical equipment manufacturing firm Mitsubishi Electric.

In an advisory published last week, Mitsubishi Electric said several factory automation (FA), products are impacted by a high-severity authentication bypass and a critical remote code execution vulnerability. 

Impacted products include EZSocket, FR Configurator2, GT Designer3, GX and MT Works, MELSOFT Navigator, and MX.

“A remote unauthenticated attacker may be able to bypass authentication by sending specially crafted packets and connect to the products illegally (CVE-2023-6942),” the vendor explained. “Furthermore, the attacker may be able to execute a malicious code by remotely calling a function with a path to a malicious library while connected to the products (CVE-2023-6943). As a result, unauthorized users may disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service (DoS) condition on the products.”

The company has yet to release patches. Users of the impacted products have been advised to implement general cybersecurity measures to reduce the risk of exploitation. 

Reid Wightman, vulnerability analyst at industrial cybersecurity firm Dragos, who has been credited with reporting the issues to Mitsubishi, told SecurityWeek that the flaws could be exploited directly from the internet, but it’s unclear if any systems are directly accessible from the web. 

“This is a proprietary network protocol, and search engines such as Shodan do not look for the exposed service presently. While we hope that nobody who uses this software is exposing their computers to the Internet directly, these things do sometimes happen,” Wightman explained.

As for potential impact in a real world attack scenario, the researcher explained, “If an attacker targets these systems, they will gain high-privileged access to an engineering workstation. This means the attacker can likely communicate with and reprogram PLCs, as well as install new utilities on the engineering workstation.”

Advertisement. Scroll to continue reading.

Engineering workstations have been used as an initial access vector in many attacks aimed at organizations with industrial control systems (ICS) and other operational technology (OT) environments.

The US security agency CISA has also published an advisory to inform industrial organizations about these vulnerabilities.

On the same day, Mitsubishi and CISA also published advisories describing another authentication bypass issue, one affecting MELSEC WS series Ethernet interface modules. However, this flaw only has a severity rating of ‘medium’ because exploitation involves a man-in-the-middle attack.

“A remote unauthenticated attacker can bypass authentication by capture-replay attack and illegally login to the modules. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules,” the vendor said.

It’s worth noting that Mitsubishi Electric appears to be putting a lot of effort into addressing vulnerabilities found in its products. The company last year released 36 security advisories and a high number of advisories is typically an indicator that the company takes vulnerability reports seriously. 

Related: Mitsubishi Electric PLCs Exposed to Attacks by Engineering Software Flaws

Related: Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations

Related: Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks

Related: Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

Cybercrime

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

ICS/OT

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...

ICS/OT

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...