Mitsubishi Electric MELSEC iQ-R (ICSA-20-303-02)

CISA has published an advisory on a improper restriction of operations within the bounds of a memory buffer, session fixation, NULL pointer dereference, improper access control, argument injection, and resource management errors vulnerability in Mitsubishi Electric MELSEC iQ-R. Numerous versions of the products in these series are affected. Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution. Mitsubishi Electric recommends users take a series of mitigation measures to minimize the risk of exploiting this vulnerability. CISA has also provided a series of measures to help mitigate the vulnerability. Read the advisory at WaterISAC.