The NCCIC has updated its alert on proof-of-concept exploit code affecting Mitsubishi Electric Europe B.V. smartRTU (Versions 2.02 and prior) and INEA ME-RTU (Versions 3.0 and prior), remote terminal products. According to a public report on the matter, there are multiple vulnerabilities that could be exploited to gain remote code execution with root privileges. CISA has notified Mitsubishi Electric Europe B.V. of the report and has asked them to confirm the vulnerabilities and identify mitigations. CISA is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks. Read the alert at CISA.