A substantial vulnerability affects multiple Mitsubishi Electric Corporation factory automation products, specifically the MELSEC iQ-F Series. The vulnerability, identified as an Insufficient Resource Pool issue, poses a serious risk of exploitation and can lead to a temporary denial-of-service (DoS) condition in the product's Ethernet communication. Because the condition can be triggered remotely, immediate action to address and mitigate the vulnerability is critical.
To combat the risk, Mitsubishi Electric recommends several mitigation measures, including the use of firewalls and VPNs to prevent unauthorized access, and the implementation of IP filter functions to block access from untrusted hosts. Additionally, restricting physical access to affected products and LANs is advised to enhance security. The Cybersecurity and Infrastructure Security Agency (CISA) echoes these recommendations and urges organizations to take proactive defensive measures to protect their industrial control systems (ICS) assets.