CISA has published an advisory on an improper restriction of XML external entity reference and uncontrolled resource consumption vulnerability in Mitsubishi Electric Factory Automation Engineering Software Products. Numerous versions of this product are affected. Successful exploitation of these vulnerabilities could allow a local attacker to send files outside of the system as well as cause a denial-of-service condition. Mitsubishi Electric recommends affected users download the latest version of each software product and update it. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.