ICS Network Controllers Open to Remote Exploit, No Patches Available

Published: 23/11/2024   Category: security




CISA advisory warns of critical ICS device flaws, but a lack of available fixes leaves network administrators on defense to prevent exploits.



A security advisory issued this week by the Cybersecurity and Infrastructure Security Agency (CISA) alerts administrators to vulnerabilities in two industrial control systems devices — Unitronics Vision Series PLCs and Mitsubishi Electric MELSEC iQ-R Series.
CISA warned that the Unitronics Vision Series PLC controller is open to remote exploit due to its storage of passwords in a recoverable format. This vulnerability (CVE-2024-1480) was assigned a CVSS score of 8.7.
Unitronics has not responded to, or worked with, the agency to mitigate the issue, leaving networks with these devices open to cyberattack, according to CISA. The advisory recommends ensuring the controllers are not connected to the Internet, isolating them from business networks, protecting the devices behind firewalls, and using secure methods, like virtual private networks (VPNs), for remote access.
The remaining ICS vulnerabilities impact the Mitsubishi Electric Corporation MELSEC iQ-R CPU Module. A design flaw in the CPU, tracked under CVE-2021-20599, has been assigned a CVSS score of 9.1. The unit transmits passwords in cleartext, which are easily intercepted by adversaries.
The Mitsubishi MELSEC CPUs also harbor a trio of reported flaws that could allow a threat actor to compromise usernames, access the device, and deny access to legitimate users. These include: exposure of sensitive information (CVE-2021-20594, CVSS 5.9); insufficiently protected credentials (CVE-2021-20597, CVSS 7.4); and a restrictive account lockout mechanism (CVE-2021-20598, CVSS 3.7).
Mitsubishi is working to provide mitigations and workarounds for the issues. However, systems with these devices are unable to be updated with a fix, according to CISA. The agency advises administrators with these devices in their networks to shore up defenses with firewalls, remote access limitations, and IP address restrictions.
"Mitsubishi Electric has released the fixed version ... but updating the product to the fixed version is not available," the advisory said. CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.
