#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Mitsubishi | Breaking Cybersecurity News | The Hacker News

Category — Mitsubishi
CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

Dec 02, 2022 ICS Security / Encryption
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency  said . GX Works3  is an  engineering workstation  software used in ICS environments, acting as a mechanism for uploading and downloading programs from/to the controller, troubleshooting software and hardware issues, and performing maintenance operations. The wide range of functions also makes the platform an attractive target for threat actors looking to compromise such systems to commandeer the  managed PLCs . Three of the 10 shortcomings relate to cleartext storage of sensitive data, four relate to the use of a...
Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks

Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks

Aug 05, 2021
Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, unauthorizedly login to the CPU module, and even cause a denial-of-service (DoS) condition. The security weaknesses, disclosed by  Nozomi Networks , concern the implementation of an authentication mechanism in the  MELSEC communication protocol  that's used to communicate and exchange data with the target devices by reading and writing data to the CPU module. A quick summary of the flaws is listed below - Username Brute-force (CVE-2021-20594, CVSS score: 5.9) - Usernames used during authentication are effectively brute-forceable Anti-password Brute-force Functionality Leads to Overly Restrictive Account Lockout Mechanism (CVE-2021-20598, CVSS score: 3.7) - The implementation to thwart brute-force attacks not only blo...
cyber security

10 Steps to Microsoft 365 Cyber Resilience

websiteVeeamCyber Resilience / Data Security
75% of organizations get hit by cyberattacks, and most report getting hit more than once. Read this ebook to learn 10 steps to take to build a more proactive approach to securing your organization's Microsoft 365 data from cyberattacks and ensuring cyber resilience.
Expert Insights / Articles Videos
Cybersecurity Resources