BTC $58270.6324
ETH $3301.4664
BNB $400.6794
SOL $110.0515
XRP $0.5824
ADA $0.6271
AVAX $39.6830
DOGE $0.0970
TRX $0.1429
wstETH $3808.1443
DOT $8.3586
LINK $19.1334
WETH $3305.4834
MATIC $1.0428
UNI $11.0186
WBTC $57881.0446
IMX $3.3465
ICP $13.0316
BCH $301.2119
LTC $74.8427
CAKE $3.2026
ETC $28.3635
FIL $7.9610
LEO $4.4139
RNDR $7.4060
KAS $0.1700
HBAR $0.1136
DAI $1.0002
ATOM $11.3163
INJ $41.0291
VET $0.0502
TON $2.1419
OKB $51.8401
STX $3.2222
LDO $3.5190
FDUSD $0.9951
XMR $138.3902
XLM $0.1221
ARB $1.8935
NEAR $3.9358
TIA $16.9317
GRT $0.2829
WEMIX $2.2582
ENS $22.5313
MKR $2167.8555
APEX $2.4646
THETA $1.9298
BTC $58270.6324
ETH $3301.4664
BNB $400.6794
SOL $110.0515
XRP $0.5824
ADA $0.6271
AVAX $39.6830
DOGE $0.0970
TRX $0.1429
wstETH $3808.1443
DOT $8.3586
LINK $19.1334
WETH $3305.4834
MATIC $1.0428
UNI $11.0186
WBTC $57881.0446
IMX $3.3465
ICP $13.0316
BCH $301.2119
LTC $74.8427
CAKE $3.2026
ETC $28.3635
FIL $7.9610
LEO $4.4139
RNDR $7.4060
KAS $0.1700
HBAR $0.1136
DAI $1.0002
ATOM $11.3163
INJ $41.0291
VET $0.0502
TON $2.1419
OKB $51.8401
STX $3.2222
LDO $3.5190
FDUSD $0.9951
XMR $138.3902
XLM $0.1221
ARB $1.8935
NEAR $3.9358
TIA $16.9317
GRT $0.2829
WEMIX $2.2582
ENS $22.5313
MKR $2167.8555
APEX $2.4646
THETA $1.9298
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • CISA Warns of Multiple Critical Vulnerabilities in Mitsubishi Electric GX Works3 Engineering Software


    Exploitation of these vulnerabilities could disrupt industrial processes.

    The US Cybersecurity and Infrastructure Protection Agency (CISA) this week issued an advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software.

    "The successful exploitation of these vulnerabilities allows unauthorized attackers to view and execute programs, gain access to the MELSEC iQ-R/F/L series processor modules and the MELSEC iQ-R OPC UA series server module," the agency said.

    GX Works3 is Mitsubishi Electric's latest generation of programming and maintenance software specifically designed for MELSEC iQ-R series control systems. It includes many new features such as graphical system configuration, built-in positioning tools, multilingual support, which creates an intuitive development environment.

    Experts divided 10 discovered vulnerabilities into several groups:

    Three vulnerabilities are related to the storage of sensitive data in the clear;
    Four of the vulnerabilities are related to the use of a hard-coded cryptographic key;
    Two - using a hard-coded password;
    One concerns inadequate credential protection.

    The most dangerous security flaws are CVE-2022-25164 and CVE-2022-29830, rated 9.1 out of 10 on the CVSS scale. Attackers can use them to gain access to the processor module and collect information about project files without obtaining any permissions.

    Another vulnerability discovered by Nozomi Networks has received the identifier CVE-2022-29831 and a score of 7.5 out of 10 on the CVSS scale: 7.5. This security hole can be exploited by a hacker who already has access to the safety PLC project file. Using a hard-coded password, a cybercriminal can gain direct access to the safety PLC CPU and disrupt industrial processes.

    Vulnerabilities CVE-2022-25164 , CVE-2022-29825 , CVE-2022-29826 , CVE-2022-29827 , CVE-2022-29828 , CVE-2022-29829 and CVE-2022-29830 were discovered by Positive researchers.

    Author DeepWeb
    Cybercriminals forced the Vatican to shut down its website
    A new way to attack Linux allows you to upload a ready-made repository to the system

    Comments 0

    Add comment