The NCCIC has published an advisory on improper restriction of XML external entity reference and uncontrolled resource consumption vulnerabilities in Mitsubishi Electric FR Configurator2. Versions 1.16S and prior are affected. Successful exploitation of these vulnerabilities may enable arbitrary files to be read or cause a denial-of-service condition. Mitsubishi Electric has released Version 1.17T for the reported vulnerabilities. The NCCIC also advises of a series of measures for mitigating the vulnerabilities. Read the advisory at CISA.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!