You are here

Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules (ICSA-19-311-01)

Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules (ICSA-19-311-01)

Created: Thursday, November 7, 2019 - 16:42
Categories:
Cyber Security

CISA has published an advisory on an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules. Numerous versions of these products are affected. Successful exploitation of this vulnerability may prevent the FTP client from connecting to the FTP server on MELSEC-Q Series and MELSEC-L Series CPU module. Only FTP server function is affected by this vulnerability. Mitsubishi Electric has produced a new version of the firmware. It also strongly recommends that users operate the affected device behind a firewall. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.