Rewterz Threat Advisory – CVE-2020-14478 – ICS: Rockwell FactoryTalk Services Platform XXE
June 26, 2020Rewterz Threat Alert – Latest Emotet IOCs
June 26, 2020Rewterz Threat Advisory – CVE-2020-14478 – ICS: Rockwell FactoryTalk Services Platform XXE
June 26, 2020Rewterz Threat Alert – Latest Emotet IOCs
June 26, 2020Severity
High
Analysis Summary
There is a vulnerability due to cleartext communication between Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules, and GX Works3/GX Works2. There are risks of communication data eavesdropping/tampering, unauthorized operation, and denial-of-service (DoS) attacks from attackers.
Impact
- Information disclosure
- Denial of service
Affected Vendors
Mitsubishi Electric
Affected Products
MELSEC
Remediation
Refer to vendor’s advisory for the complete list of affected products and upgraded patches.