Critical ICS vulnerabilities threaten Mitsubishi Electric and TrendMakers hardware across commercial facilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released two industrial control systems (ICS) advisories highlighting hardware vulnerabilities in Mitsubishi Electric and TrendMakers equipment deployed in the commercial facilities sector. The alerts detail current security flaws, potential exploits, and mitigation steps. CISA urged users and administrators to review the advisories for technical specifics and recommended defenses.
In an advisory, CISA revealed that Mitsubishi Electric air conditioning systems have a critical vulnerability caused by missing authentication for key functions. “Successful exploitation of this vulnerability could allow an attacker to control the air conditioning system.”
Mihály Csonka reported this vulnerability to Mitsubishi Electric.
An authentication bypass vulnerability exists in Mitsubishi Electric air conditioning systems. An attacker may bypass authentication to control the air conditioning systems illegally or disclose information from them by exploiting this vulnerability. In addition, the attacker may tamper with the firmware of the affected products using the disclosed information.