Rewterz Threat Alert – Conti Ransomware Group Attacks Indonesia’s Central Bank – Fresh IOCs
January 21, 2022Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
January 21, 2022Severity
High
Analysis Summary
CVE-2022-23127
ICONICS MobileHMI and Mitsubishi Electric MC Mobile products lack proper validation checks on user input and external data when they are used to render a page to the client.
CVE-2022-23128
The FrameWorX Server in all ICONICS Suite and Mitsubishi Electric MC Works64 products can allow an attacker to bypass GENESIS64 /MC Works64 security when opening a communication channel to the WebSocket endpoint (Port 80 or 443) of the FrameWorX Server.
CVE-2022-23129
The GENESIS64 and MC Works64 Workbench “export to CSV” function may expose a password in plain text when used to export the GridWorX Server configuration.
CVE-2022-23130
A coding error in the SQL query engine memory allocation code makes it possible to execute a series of SQL commands in a GENESIS64 system or a MC Works64 system, which could cause a crash of the SQL Query Engine and result in the disabling of the SQL Server.
Impact
- Unauthorized Access
- Cross-Site Scripting
- Buffer Overflow
- Code Execution
Affected Vendors
- ICONICS and Mitsubishi Electric
Affected Products
- CWE-79 All versions up to and including 10.96.2
- CWE-184 All versions from 10.95.3 to 10.97
- CWE-256 All versions from 10.90 to 10.97
- CWE-126 All versions up to and including 10.97
- CWE-79 All versions prior to 4.04E (10.95.210.01)
- CWE-184 MC Works64: Version 4.00A (v10.95.201.23) to 4.04E (v10.95.210.01)
- CWE-256 All versions prior to 4.04E (10.95.210.01)
- CWE-126 MC Works64: Version 4.00A (v10.95.201.23) to 4.04E (v10.95.210.01)
Remediation
Refer to CISA Advisory for the patch, upgrade, or suggested workaround information.
https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01