Rewterz Threat Advisory – CVE-2020-14476 – ICS: Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules

Rewterz Threat Advisory – CVE-2020-14478 – ICS: Rockwell FactoryTalk Services Platform XXE

June 26, 2020

Rewterz Threat Alert – Latest Emotet IOCs

June 26, 2020

Rewterz Threat Advisory – CVE-2020-14476 – ICS: Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules

Severity

High

Analysis Summary

There is a vulnerability due to cleartext communication between Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules, and GX Works3/GX Works2. There are risks of communication data eavesdropping/tampering, unauthorized operation, and denial-of-service (DoS) attacks from attackers.

Impact

Information disclosure
Denial of service

Affected Vendors

Mitsubishi Electric

Affected Products

MELSEC

Remediation

Refer to vendor’s advisory for the complete list of affected products and upgraded patches.

https://www.us-cert.gov/ics/advisories/icsa-20-175-01

Rewterz Threat Advisory – CVE-2020-14478 – ICS: Rockwell FactoryTalk Services Platform XXE

Rewterz Threat Alert – Latest Emotet IOCs

Rewterz Threat Advisory – CVE-2020-14476 – ICS: Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules

Severity

Analysis Summary

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan