Critical ICS vulnerabilities threaten Mitsubishi Electric and TrendMakers hardware across commercial facilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released two industrial control systems (ICS) advisories highlighting hardware vulnerabilities in Mitsubishi Electric and TrendMakers equipment, deployed in the commercial facilities sector. The alerts detail current security flaws, potential exploits, and mitigation steps.

CISA urged users and administrators to review the advisories for technical specifics and recommended defenses.

In an advisory, CISA revealed that Mitsubishi Electric air conditioning systems have a critical vulnerability caused by missing authentication for key functions. “Successful exploitation of this vulnerability could allow an attacker to control the air conditioning system.”

Read more at Industrial Cyber