Read more: www.mitsubishielectric.com
Mitsubishi Electric has identified a vulnerability, tracked as CVE-2024-0727, in its MELSEC iQ-F FX5-OPC communication units. The vulnerability is a NULL pointer dereference flaw that can be exploited by malicious actors to cause denial-of-service (DoS) conditions. The attacker could exploit this vulnerability by using a specially crafted PKCS#12 format certificate and getting a legitimate user to import it. This could cause the affected device to crash or become unresponsive, disrupting industrial operations. Mitsubishi Electric has not released a patch for this vulnerability and has recommended mitigation steps to minimize the risk of exploitation.