Mitsubishi Electric, a prominent Japanese electronics and electrical equipment manufacturer, faces a significant cybersecurity challenge as two serious vulnerabilities are uncovered in its factory automation products. The disclosed flaws involve a high-severity authentication bypass and a critical remote code execution vulnerability, impacting products like EZSocket, FR Configurator2, and more. This revelation, made in a recent advisory, raises concerns as attackers could potentially gain unauthorized access and execute malicious code, risking data tampering, destruction, or denial-of-service conditions.
As of now, Mitsubishi Electric has not released patches, leaving users of the affected products vulnerable. The advisory emphasizes the importance of implementing general cybersecurity measures to mitigate the risk of exploitation. According to Reid Wightman, a vulnerability analyst at industrial cybersecurity firm Dragos, these vulnerabilities could potentially be exploited directly from the internet, even though the proprietary network protocol is not typically searched by popular search engines.
In a real-world attack scenario, an attacker targeting these systems could gain high-privileged access to an engineering workstation. This could enable communication with and reprogramming of PLCs, as well as the installation of new utilities on the engineering workstation. Notably, engineering workstations have been a common initial access vector in attacks against organizations with industrial control systems (ICS) and other operational technology (OT) environments. The U.S. security agency CISA has issued an advisory to inform industrial organizations about these vulnerabilities, underlining the gravity of the situation and the potential broader impact on critical infrastructure.
