image credit: Raysonho / wikimedia
Advisories describing the vulnerabilities were published this month by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Mitsubishi Electric. SecurityWeek has also obtained additional information from people involved in the discovery and disclosure of these flaws.
One advisory describes a critical vulnerability that exposes the affected control systems to unauthenticated XML external entity injection (XXE) attacks. The issue is tracked as CVE-2021-20595 and has a CVSS score of 9.3.
Comments are closed.
