Researchers from Nozomi Networks uncovered a Denial-of-Service (DoS) vulnerability in some programmable logic controllers (PLCs) developed by Mitsubishi Electric. The vulnerability, tracked as CVE-2019-10977, has been given a “high severity” rating with a CVSS score of 7.5.
What is the impact?
The vulnerability affects Mitsubishi Electric MELSEC-Q series PLCs, specifically the QJ71E71-100 Ethernet interface module, version 20121 and prior.
What is the response?
Mitsubishi Electric has patched the vulnerability in the latest QJ71E71-100 Ethernet module version v20122. In addition, organizations can implement a series of mitigations recommended by the DHS's National Cybersecurity and Communications Integration Center (NCCIC).
NCCIC has recommended a few mitigations to stay protected from such vulnerabilities.
“When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may also have vulnerabilities and should be updated to the most current versions available. Also recognize that VPN is only as secure as the connected devices,” NCCIC said in an advisory.