Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-R Series

Rewterz Threat Advisory – ICS: Siemens RUGGEDCOM ROX And Electric CNM

October 15, 2021

Rewterz Threat Advisory – CVE-2021-42340 – Apache Tomcat Vulnerability

October 15, 2021

Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-R Series

Severity

High

Analysis Summary

CVE-2021-20599

Mitsubishi Electric MELSEC iQ-R Series could allow a remote attacker to bypass security restrictions, caused by improper authorization validation. By obtaining credentials other than password, an attacker could exploit this vulnerability to log in to the CPU module.

Impact

Security Bypass

Affected Vendors

Mitsubishi Electric

Affected Products

R08/16/32/120SFCPU: all versions
R08/16/32/120PSFCPU: all versions

Remediation

Refer to CERT-Advisory for patch, upgrade, or suggested workaround information.

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf

Rewterz Threat Advisory – ICS: Siemens RUGGEDCOM ROX And Electric CNM

Rewterz Threat Advisory – CVE-2021-42340 – Apache Tomcat Vulnerability

Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-R Series

Severity

Analysis Summary

CVE-2021-20599

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan