Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M
Summary
Mitsubishi Electric's MELSOFT Update Manager SW1DND-UDM-M is affected by several vulnerabilities, including a heap-based buffer overflow and a path traversal. Both are triggered when the product decompresses a specially crafted archive file; successful exploitation by a local attacker could lead to information tampering, denial-of-service, or arbitrary code execution.
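The path-traversal class named above (an archive entry whose name resolves outside the extraction directory, often called "zip slip") is illustrated here with an added Python example. This is not Mitsubishi Electric's code and says nothing about how MELSOFT Update Manager actually processes archives; the ZIP format, the entry names and the destination path are assumptions for the illustration.

```python
"""Added example: reject archive members that would escape the
extraction directory. Generic illustration of the path-traversal
vulnerability class, not vendor code."""
import io
import os
import tempfile
import zipfile


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """Return True only if extracting member_name stays inside dest_dir.

    Rejects absolute paths, drive-letter prefixes, and '..' components
    that resolve above the destination. Both separator styles are
    normalised because archives built on Windows may carry backslashes.
    """
    name = member_name.replace("\\", "/")
    if name.startswith("/") or os.path.splitdrive(name)[0]:
        return False
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, name))
    # The resolved target must be dest_dir itself or strictly beneath it;
    # the trailing separator stops "/tmp/dest2" matching "/tmp/dest".
    return target == dest_real or target.startswith(dest_real + os.sep)


def safe_extract(archive_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract only members that pass is_safe_member.

    Returns the names of the members that were rejected.
    """
    rejected = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(dest_dir, info.filename):
                rejected.append(info.filename)
                continue
            zf.extract(info, dest_dir)
    return rejected


def build_test_archive() -> bytes:
    """Constructed sample archive: one benign entry, two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update/readme.txt", "benign content")
        zf.writestr("../../evil.txt", "escapes via ..")
        zf.writestr("..\\..\\evil2.txt", "escapes via backslash")
    return buf.getvalue()


def demo() -> list[str]:
    """Extract the constructed archive into a fresh temp dir; return rejects."""
    dest = tempfile.mkdtemp()
    return safe_extract(build_test_archive(), dest)


if __name__ == "__main__":
    print("rejected:", demo())
```

The check is on the entry name only: a symbolic-link member pointing outside the destination, or an entry that overwrites a file later used by the extractor, needs separate handling. The heap-based buffer overflow named in the summary is a memory-safety defect in the decompressor itself and cannot be shown without details the advisory does not give.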
IFF Assessment
The identified vulnerabilities allow local attackers to tamper with information, cause denial-of-service, or execute arbitrary code, posing a direct threat to the integrity and availability of the affected system.
Severity
The vulnerabilities carry a CVSS score of 8.8, in the High range. A local attacker who can get a specially crafted archive decompressed by the product can cause denial-of-service or execute arbitrary code through the heap-based buffer overflow, and tamper with information through the other flaws.
Defender Context
Defenders should be aware of these high-severity vulnerabilities in industrial control systems (ICS) software. Prompt patching or applying vendor-recommended mitigations is crucial to prevent local attackers from tampering with data, executing code, or disrupting operations. Because exploitation requires the product to decompress a specially crafted archive, limiting which users can run MELSOFT Update Manager and obtaining update packages only from trusted sources reduces exposure until the fix is applied. This highlights the ongoing need for robust vulnerability management in operational technology (OT) environments.