ICSA-22-020-01
Vulnerability from csaf_cisa - Published: 2022-01-20 07:00 - Updated: 2026-01-08 07:00
Summary
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric HMI SCADA (Update A)
Notes
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Risk evaluation
Successful exploitation of these vulnerabilities could result in unauthorized access to information or to GENESIS32, GENESIS64 and MC Works64 functionality, or the disabling of SQL Server.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
United States (Mitsubishi Electric Iconics Digital Solutions), Japan (Mitsubishi Electric)
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
{
"document": {
"acknowledgments": [
{
"organization": "Mitsubishi Electric Iconics Digital Solutions",
"summary": "reported these vulnerabilities to CISA"
},
{
"organization": "Mitsubishi Electric",
"summary": "reported these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could result in unauthorized access to information or to GENESIS32, GENESIS64 and MC Works64 functionality, or the disabling of SQL Server.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States (Mitsubishi Electric Iconics Digital Solutions), Japan (Mitsubishi Electric)",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-020-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-020-01.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-22-020-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-020-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
}
],
"title": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric HMI SCADA (Update A)",
"tracking": {
"current_release_date": "2026-01-08T07:00:00.000000Z",
"generator": {
"date": "2026-01-08T00:05:34.123002Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-020-01",
"initial_release_date": "2022-01-20T07:00:00.000000Z",
"revision_history": [
{
"date": "2022-01-20T07:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2026-01-08T07:00:00.000000Z",
"legacy_version": "Update A",
"number": "2",
"summary": "Update A - Added GENESIS32."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=10.96.2",
"product": {
"name": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: \u003c=10.96.2",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=10.95.3|\u003c10.97",
"product": {
"name": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: \u003e=10.95.3|\u003c10.97",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=10.90|\u003c10.97",
"product": {
"name": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: \u003e=10.90|\u003c10.97",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=10.97",
"product": {
"name": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: \u003c=10.97",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.04E_10.95.210.01",
"product": {
"name": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Mitsubishi Electric MC Works64: \u003c4.04E_10.95.210.01",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MC Works64"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=4.00A_v10.95.201.23|\u003c4.04E_v10.95.210.01",
"product": {
"name": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Mitsubishi Electric MC Works64: \u003e=4.00A_v10.95.201.23|\u003c4.04E_v10.95.210.01",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MC Works64"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.04E_10.95.210.01",
"product": {
"name": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Mitsubishi Electric MC Works64: \u003c4.04E_10.95.210.01",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MC Works64"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=4.00A_v10.95.201.23|\u003c4.04E_v10.95.210.01",
"product": {
"name": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Mitsubishi Electric MC Works64: \u003e=4.00A_v10.95.201.23|\u003c4.04E_v10.95.210.01",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Mitsubishi Electric MC Works64"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric GENESIS32: vers:all/*",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "GENESIS32"
}
],
"category": "vendor",
"name": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23127",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICONICS MobileHMI and Mitsubishi Electric MC Mobile products lack proper validation checks on user input and external data when rendering pages to the client.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23127"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric are releasing critical fixes, rollups, or patches for these products. GENESIS64 Version 10.97.1 and later will no longer be vulnerable to these exploits.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0005"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "For the highest level of security, it is recommended that users use the current development version of Mitsubishi Electric Iconics Digital Solutions products as defined in the product lifecycle policy (GENESIS V11 at the time of this writing) and keep it up to date with the latest releases. Note that upgrading from V9 to V11 may require replacing some of the V9 applications, depending on the specific applications in use, with different V11 applications. Consult Mitsubishi Electric Iconics Digital Solutions on the options for upgrades.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0005"
],
"url": "https://iconics.com/en-us/Lifecycle-Policy"
},
{
"category": "mitigation",
"details": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend users of these products take the following mitigation steps:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Use a firewall. Place control system networks and devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Do not click web links or open unsolicited attachments in email messages.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Install the applicable critical fixes and rollup releases when available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Users can find additional information and useful links related to the GENESIS64 security updates on the Mitsubishi Electric Iconics Digital Solutions website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0005"
],
"url": "https://iconics.com/certs"
},
{
"category": "mitigation",
"details": "Users can find additional information and useful links related to the MC Works64 security updates on the Mitsubishi Electric website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/index.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2022-23128",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"notes": [
{
"category": "summary",
"text": "The FrameWorX Server in all ICONICS Suite and Mitsubishi Electric MC Works64 products may allow an attacker to bypass security controls in GENESIS64 or MC Works64 when opening a communication channel to the WebSocket endpoint (Port 80 or 443).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23128"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric are releasing critical fixes, rollups, or patches for these products. GENESIS64 Version 10.97.1 and later will no longer be vulnerable to these exploits.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0006"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "For the highest level of security, it is recommended that users use the current development version of Mitsubishi Electric Iconics Digital Solutions products as defined in the product lifecycle policy (GENESIS V11 at the time of this writing) and keep it up to date with the latest releases. Note that upgrading from V9 to V11 may require replacing some of the V9 applications, depending on the specific applications in use, with different V11 applications. Consult Mitsubishi Electric Iconics Digital Solutions on the options for upgrades.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0006"
],
"url": "https://iconics.com/en-us/Lifecycle-Policy"
},
{
"category": "mitigation",
"details": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend users of these products take the following mitigation steps:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Use a firewall. Place control system networks and devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Do not click web links or open unsolicited attachments in email messages.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Install the applicable critical fixes and rollup releases when available.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Users can find additional information and useful links related to the GENESIS64 security updates on the Mitsubishi Electric Iconics Digital Solutions website.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0006"
],
"url": "https://iconics.com/certs"
},
{
"category": "mitigation",
"details": "Users can find additional information and useful links related to the MC Works64 security updates on the Mitsubishi Electric website.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0006"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/index.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0002",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2022-23129",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"notes": [
{
"category": "summary",
"text": "The GENESIS64 and MC Works64 Workbench \"export to CSV\" function may expose a password in plain text when used to export the GridWorX Server configuration.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23129"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric are releasing critical fixes, rollups, or patches for these products. GENESIS64 Version 10.97.1 and later will no longer be vulnerable to these exploits.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "For the highest level of security, it is recommended that users use the current development version of Mitsubishi Electric Iconics Digital Solutions products as defined in the product lifecycle policy (GENESIS V11 at the time of this writing) and keep it up to date with the latest releases. Note that upgrading from V9 to V11 may require replacing some of the V9 applications, depending on the specific applications in use, with different V11 applications. Consult Mitsubishi Electric Iconics Digital Solutions on the options for upgrades.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007"
],
"url": "https://iconics.com/en-us/Lifecycle-Policy"
},
{
"category": "mitigation",
"details": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend users of these products take the following mitigation steps:",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Use a firewall. Place control system networks and devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Do not click web links or open unsolicited attachments in email messages.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Install the applicable critical fixes and rollup releases when available.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Users can find additional information and useful links related to the GENESIS64 security updates on the Mitsubishi Electric Iconics Digital Solutions website.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007"
],
"url": "https://iconics.com/certs"
},
{
"category": "mitigation",
"details": "Users can find additional information and useful links related to the MC Works64 security updates on the Mitsubishi Electric website.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/index.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007"
]
}
]
},
{
"cve": "CVE-2022-23130",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "A coding error in the SQL query engine memory allocation code could allow execution of a series of SQL commands in a GENESIS64 system or an MC Works64 system, which could crash the SQL Query Engine and disable the SQL Server.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23130"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric are releasing critical fixes, rollups, or patches for these products. GENESIS64 Version 10.97.1 and later will no longer be vulnerable to these exploits.",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "vendor_fix",
"details": "For GENESIS32 users, there are no plans to release a security patch or a version with security countermeasures. Version 9 products are in the retired stage of the product lifecycle. As described in the product lifecycle policy, these versions are no longer monitored for security vulnerabilities, nor are they being fixed or patched. See the policy for full details.",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://iconics.com/en-us/Lifecycle-Policy"
},
{
"category": "mitigation",
"details": "For the highest level of security, it is recommended that users use the current development version of Mitsubishi Electric Iconics Digital Solutions products as defined in the product lifecycle policy (GENESIS V11 at the time of this writing) and keep it up to date with the latest releases. Note that upgrading from V9 to V11 may require replacing some of the V9 applications, depending on the specific applications in use, with different V11 applications. Consult Mitsubishi Electric Iconics Digital Solutions on the options for upgrades.",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://iconics.com/en-us/Lifecycle-Policy"
},
{
"category": "mitigation",
"details": "Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric recommend users of these products take the following mitigation steps:",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "mitigation",
"details": "Use a firewall. Place control system networks and devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "mitigation",
"details": "Do not click web links or open unsolicited attachments in email messages.",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "mitigation",
"details": "Install the applicable critical fixes and rollup releases when available.",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "mitigation",
"details": "Users can find additional information and useful links related to the GENESIS64 security updates on the Mitsubishi Electric Iconics Digital Solutions website.",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://iconics.com/certs"
},
{
"category": "mitigation",
"details": "Users can find additional information and useful links related to the MC Works64 security updates on the Mitsubishi Electric website.",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/index.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
}
]
}