CISA delivers warnings concerning DoS attacks and remote code execution.
Critical OpenSSL flaws that were identified earlier this year make Mitsubishi Electric industrial control software that is widely used vulnerable.
The company's GT SoftGOT2000 is utilized in crucial manufacturing applications, according to the US Cyber Security and Infrastructure Security Agency (CISA).
The company's GOT controllers are simulated by GT SoftGOT2000 on PCs, providing control over everything from PLCs to industrial robots.
The software is susceptible to the contentious command injection problem, CVE-2022-1292, which in June spurred debates over whether or not it provided a vector for remote code execution.
Given that the CISA alert rates the problem as critical and gives it a Common Vulnerabilities Scoring System score of 9.8, that query must have been answered.
Tavis Ormandy, a Google researcher, identified the second OpenSSL flaw, CVE-2022-0778, as an infinite loop denial-of-service bug in February.
March saw a patch.
Mitsubishi claimed that GT SoftGOT2000 version 1.280S or later has the issues fixed (pdf).
