A vulnerability in Mitsubishi Electric’s MELSEC-Q Series Ethernet Module could allow a remote attacker to gain escalated privileges, according to an ICS-CERT advisory. Reported by Nozomi Networks, the vulnerability “could allow an attacker to render the PLCs statue in fault mode, requiring a cold restart for recovering the system and/or doing privilege escalation or executive arbitrary code in the context of the affected system of the workstation engineering software,” said Nozomi Networks co-founder and CTO Moreno Carullo.
Read full article on Infosecurity