Rewterz

Rewterz Threat Advisory – CVE-2020-14478 – ICS: Rockwell FactoryTalk Services Platform XXE

June 26, 2020
Rewterz

Rewterz Threat Alert – Latest Emotet IOCs

June 26, 2020

Rewterz Threat Advisory – CVE-2020-14476 – ICS: Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules

Severity

High

Analysis Summary

There is a vulnerability due to cleartext communication between Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules, and GX Works3/GX Works2. There are risks of communication data eavesdropping/tampering, unauthorized operation, and denial-of-service (DoS) attacks from attackers.

Impact

  • Information disclosure
  • Denial of service

Affected Vendors

Mitsubishi Electric

Affected Products

MELSEC

Remediation

Refer to vendor’s advisory for the complete list of affected products and upgraded patches.

https://www.us-cert.gov/ics/advisories/icsa-20-175-01

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.