Rewterz Threat Advisory – ICS Mitsubishi Electric Factory Automation Products

Severity

Medium

Analysis Summary

CVE-2020-5602, CVE-2020-5603 

 Improper restriction of XML vulnerability could allow a malicious attacker to send a file on the computer running the product to the outside and could allow a malicious attacker to cause the product to enter a denial-of-service condition.

Impact

Denial of service

Affected Vendors

Mitsubishi Electric

Affected Products

Factory Automation Engineering Software Products

Remediation

Refer to ICS advisory for the complete list of affected products and upgraded patches.

https://www.us-cert.gov/ics/advisories/icsa-20-182-02