November 5, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

August 4, 2020

CISA has published an advisory on an unquoted search path or element vulnerability in Mitsubishi Electric Factory Automation Engineering Products. Multiple products and versions of the products are affected. Successful exploitation of this vulnerability may allow an attacker to obtain unauthorized information, modify information, and cause a denial-of-service condition. Mitsubishi Electric recommends users update products for which newer versions are available. For users of a product that has not released a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends a series of mitigation measures to minimize risk. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.