Due to several significant factors, there are a limited number of automobile manufacturers. The
infrastructure expenses alone are massive and limit the scape of potential persons and organizations
financially able to be involved.
infrastructure expenses alone are massive and limit the scape of potential persons and organizations
financially able to be involved.
Mitsubishi is Japan-based, is one of these manufacturers. As with most of the organizations, there are
separate organizations under the general corporate envelope. For Mitsubishi, one of these is
Mitsubishi Electric.
separate organizations under the general corporate envelope. For Mitsubishi, one of these is
Mitsubishi Electric.
FR Configurator 2 Inverter Engineering Software
The subject issue is with the FR Configurator 2 inverter software. This affects version 1.165 and 1.10L
and prior to SW1DND-FRCZ-E or -J. This works to permit the user to set-up, program, configure,
and monitor the drives. This software runs on all versions of MS Windows. This is used throughout
the world.
and prior to SW1DND-FRCZ-E or -J. This works to permit the user to set-up, program, configure,
and monitor the drives. This software runs on all versions of MS Windows. This is used throughout
the world.
Vulnerabilities
With this software tool, there are three significant vulnerabilities. The first is a high severity issue
with a CVSSv3 score of 8.8. This is associated with the XML external entity (XXE) processing.
This works by exploiting the DTD parameter. When this vulnerability is exploited, the attacker is
able to read and exfiltrate files located on the targeted system. To execute this, the user has to
only open a malicious files. As a bonus, this may in certain instances allow the attacker to execute
their malicious code on the target system. This has been labeled as ICSA-10-204-01 and
CVE-2019-10976.
with a CVSSv3 score of 8.8. This is associated with the XML external entity (XXE) processing.
This works by exploiting the DTD parameter. When this vulnerability is exploited, the attacker is
able to read and exfiltrate files located on the targeted system. To execute this, the user has to
only open a malicious files. As a bonus, this may in certain instances allow the attacker to execute
their malicious code on the target system. This has been labeled as ICSA-10-204-01 and
CVE-2019-10976.
The second vulnerability permits the attacker to force the software from responding. This operates
much like a DoS attack, aka CPU exhaustion. The only way to resolve this is to do a hard restart.
This vulnerability is labeled as ICSA-19-204-01 and CVE-2019-10972. This vulnerability has been
rated as the medium severity issue with a CVSSv3 score of 5.5. This is exploited also by having the
user open a malicious file. The first and second vulnerabilities both require social engineering and a
phishing attempt. The end goal is to have the user open the email and attachment.
much like a DoS attack, aka CPU exhaustion. The only way to resolve this is to do a hard restart.
This vulnerability is labeled as ICSA-19-204-01 and CVE-2019-10972. This vulnerability has been
rated as the medium severity issue with a CVSSv3 score of 5.5. This is exploited also by having the
user open a malicious file. The first and second vulnerabilities both require social engineering and a
phishing attempt. The end goal is to have the user open the email and attachment.
The third and last vulnerability rated as high severity, under the CVSSv3 score of 8.2. With this issue,
the problem is with the binary’s read, write, and execute rights. This allows for privilege escalation.
When exploited, this allows an account with lower-level privileges, such as a guest account, to
increase their rights, and may execute malicious files.
the problem is with the binary’s read, write, and execute rights. This allows for privilege escalation.
When exploited, this allows an account with lower-level privileges, such as a guest account, to
increase their rights, and may execute malicious files.
Remediated
These vulnerabilities were relatively significant. These could allow successful attackers to effectively
shut down a system, exfiltrate data, and elevate privileges. Mitsubishi Electric advised the users not
to open files from sources unknown or untrusted to the user. When the user receives an email that
is unsolicited, the user should not click on links or attachments.
shut down a system, exfiltrate data, and elevate privileges. Mitsubishi Electric advised the users not
to open files from sources unknown or untrusted to the user. When the user receives an email that
is unsolicited, the user should not click on links or attachments.
Resources
Cyware. (2019, July 24). Vulnerabilities found in mitsubishi inverter engineering software. Retrieved
from
https://cyware.com/news/vulnerabilities-found-in-mitsubishi-inverter-engineering-software-fe6610d7
from
https://cyware.com/news/vulnerabilities-found-in-mitsubishi-inverter-engineering-software-fe6610d7
ISS Source. (2019, July 23). Mitsubishi fixes FR configurator 2 holes. Retrieved from
https://isssource.com/mitsubishi-fixes-fr-configurator-2-holes/
https://isssource.com/mitsubishi-fixes-fr-configurator-2-holes/
Kovacs, E. (2019, July 24). Vulnerabilities found in mitsubishi inverter engineering software. Retrieved
from https://www.securityweek.com/vulnerabilities-found-mitsubishi-invertr-engineering-software
from https://www.securityweek.com/vulnerabilities-found-mitsubishi-invertr-engineering-software
Mitsubishi Electronic. (2019, July 23). XML vulnerability in FR configurator 2. Retrieved from
https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/2019-001.pdf
https://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/2019-001.pdf
Mitsubishi Electric. (2019, July 24). AUSCERT external security bulletin redistribution.
US-Cert. (2019, July 23). ICS advisory (ICSA-19-204-01). Retrieved from
https://www.us-cert.gov/ics/advisories/icsa-19-204-01
https://www.us-cert.gov/ics/advisories/icsa-19-204-01
Westenberg, T. (2019, July 24). AR 2019011: Mitsubishi electric FR configurator 2 multiple
vulnerabilities.
vulnerabilities.
Zurkus, K. (2019, May 22). Firmware vulnerability in mitsubishi electric. Retrieved from
https://www.infosecurity-magazine.com/news/firmware-vulnerability-in-1/
https://www.infosecurity-magazine.com/news/firmware-vulnerability-in-1/
No comments:
Post a Comment