Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks

5 August 2021

Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, unauthorized login to the CPU module, and even cause a denial-of-service (DoS) condition. The security weaknesses, disclosed by Nozomi Networks, concern the implementation of an authentication mechanism in the MELSEC communication protocol that’s used to exchange data with the target devices that is used for communication with target devices by reading and writing data to the CPU module.

Read full article on The Hacker News

Date:

5 August 2021

Categorie(s):

NEWS

Tag(s):

Attacks, IT, PLCs, Remote, Safety

A week in security (April 22 – April 28)29 April 2024
Okta Warns of Credential Stuffing Attacks Using Proxy Services29 April 2024
Android Malware Brokewell With Complete Device Takeover Capabilities29 April 2024
Fileless .NET Based Code Injection Attack Delivers AgentTesla Malware29 April 2024
Prompt Fuzzer: Open-source tool for strengthening GenAI apps29 April 2024