At the end of 2020, Nozomi Networks Labs began a research project on MELSOFT, the communication protocol used by Mitsubishi Electric safety PLCs, and GX Works3, the corresponding engineering workstation software. In a previous blog released last year, we presented five vulnerabilities that relate to the authentication mechanism of the MELSOFT.
In this blog, we uncover three additional vulnerabilities that affect Mitsubishi Electric GX Works3, tracked under CVE-2022-29831, CVE-2022-29832, and CVE-2022-29833 (Mitsubishi Electric advisory 2022-015, CISA advisory ICSA-22-333-05), and that, in the worst-case scenario, may lead to the compromise of safety PLCs with the only requirement being the possession of associated GX Works3 project files. ...read more!
