[English] [日本語]
MC Works64 AND MC Works32 SECURITY UPDATES
Mitsubishi Electric is committed to providing high-quality, secure products to its customers. To that end, Mitsubishi Electric recommends that users of MC Works64 and MC Works32 take the following steps to mitigate security risks:
- Use a firewall. Place control system networks and devices behind firewalls and isolate them from the business network.
- When remote access is required, use Virtual Private Network (VPN). VPN is effective for securing the connected devices.
- Restrict network exposure for all control system devices. Control system devices should not directly face untrusted networks and hosts.
- Avoid clicking web links or opening unsolicited attachments in email messages.
- If you are not running the latest version of MC Works64 or MC Works32, install the appropriate patch files below.
NOTE ON SECURITY VULNERABILITIES
There is a note available for download that contains an overview, details and mitigation plan regarding all vulnerabilities for MC Works64 and MC Works32 Supervisory Control and Data Acquisition (SCADA) products.
Download the following notes for more information:
Denial of Service vulnerability and Remote Code Execution vulnerability in MC Works 64 and MC Works 32
Denial of Service (DoS) vulnerability in OPC UA communication function of GENESIS64 and MC Works64
Arbitrary code execution vulnerability in AutoCAD (DWG) file import function of GENESIS64 and MC Works64
MIGRATION
To mitigate security risks, Mitsubishi Electric recommends applying security patches.
MC Works64 Product Version 4.00A – 4.04E
MC Works64 Version 4.00A (Version 10.95.201.23) Security Patches
MC Works64 Version 4.02C (Version 10.95.208.31) Security Patches
MC Works64 Version 4.04E (Version 10.95.210.01) Security Patches1
MC Works64 Edge-computing Edition Version 4.00A (Version 10.95.201.37) Security Patches
MC Works64 Edge-computing Edition Version 4.01B (Version 10.95.201.40) Security Patches2
MC Works64 Edge-computing Edition Version 4.02C (Version 10.95.208.31) Security Patches
MC Works64 Edge-computing Edition Version 4.04E (Version 10.95.210.01) Security Patches1
1This security patch includes security patches earlier than this version, so if you apply this patch, you do not need to apply the security patch of Version 4.00A, 4.01B and 4.02C.
2The security patch for Version 4.01B is the same as Edge-computing Edition Version 4.00A.
MC Works64 Product Version 3.00A – 3.04E
You need to get the installer for MC Works64 Version 3.04E from your local Factory Automation sales office of Mitsubishi Electric. Please apply the following security patch after installing it.
MC Works64 Version 3.04E (Version 10.94.178.06) Security Patches
NOTE: Please remove a software license before uninstalling an existing MC Works64, and then install MC Works64 Version 3.04E. The installation and uninstallation instructions are described in “MC Works64 Version 4 Startup Manual”.
MC Works64 Product Version 2.00A – 2.02C
You need to get the installer for MC Works64 Version 2.02C from your local Factory Automation sales office of Mitsubishi Electric. Please apply the following security patch after installing it.
MC Works64 Version 2.02C (Version 10.87.178.42) Security Patches
NOTE: Please remove a software license before uninstalling an existing MC Works64, and then install MC Works64 Version 2.02C. The installation and uninstallation instructions are described in “MC Works64 Version 4 Startup Manual”.
MC Works64 Product Version 1.02C (Version 10.72.088.15) or earlier
Please contact your local Factory Automation sales office of Mitsubishi Electric.
MC Works32 Product Version 3.00A
MC Works32 Version 3.00A (Version 9.50.255.02) Security Patches
There are no active ICS-CERT vulnerabilities for currently-released MC Works64 and MC Works32 at this time. Any known ICS-CERT vulnerabilities have already been addressed in the current version of MC Works64 and MC Works32, or with the patches above.
Note: This page is hosted by ICONICS on behalf of Mitsubishi Electric.