Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers. The flaws concern the implementation of an authentication mechanism in the MELSEC communication protocol that’s used to communicate and exchange data with the target devices by reading and writing data to the CPU module. An adversary could be able to acquire legitimate user names registered in the module via a brute-force attack, unauthorizedly login to the module, and even cause a denial-of-service (DoS) condition. The company recommends a combination of mitigation measures to minimize the risk of potential exploitation.
Source: https://thehackernews.com/2021/08/unpatched-security-flaws-expose.html