CISA has published an advisory on an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules. Numerous versions of these products are affected. Successful exploitation of this vulnerability may prevent the FTP client from connecting to the FTP server on MELSEC-Q Series and MELSEC-L Series CPU module. Only FTP server function is affected by this vulnerability. Mitsubishi Electric has produced a new version of the firmware. It also strongly recommends that users operate the affected device behind a firewall. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
Early bird registration for H2OSecCon 2024 is now open! - REGISTER HERE