Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-F, iQ-R Series Vulnerabilities
January 27, 2023Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
January 27, 2023Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-F, iQ-R Series Vulnerabilities
January 27, 2023Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
January 27, 2023Severity
High
Analysis Summary
CVE-2022-33323
Mitsubishi Electric MELFA controllers could allow a remote attacker to bypass security restrictions, caused by active debug code. By doing an unauthorized telnet login, an attacker could exploit this vulnerability to gain unauthorized access to a robot controller.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-33323
Affected Vendors
Mitsubishi Electric
Affected Products
- Mitsubishi Electric MELFA F-Series R7.0
- Mitsubishi Electric MELFA F-Series S7.0
- Mitsubishi Electric MELFA SD/SQ Series R7.0
- Mitsubishi Electric MELFA SD/SQ Series S7.0
Remediation
Upgrade to the latest version of Mitsubishi Electric MELFA controllers firmware, available from the Mitsubishi Electric Web site.