OTPulse
FeedAboutContact

Mitsubishi Electric Automation MC-WorX Suite Unsecure ActiveX Control

Act NowICS-CERT ICSA-14-051-02Nov 23, 2014
Summary

Mitsubishi Electric MC-WorX Suite version 8.02 contains an unsecure ActiveX control vulnerability (CWE-749). The ActiveX control can be instantiated by a web page or email attachment, allowing arbitrary code execution in the context of the affected user. No patch is available from the vendor.

What this means
What could happen
An attacker could trick a plant operator or engineer into visiting a malicious webpage or opening an email attachment, then execute arbitrary commands on their engineering workstation with the user's privileges. This could allow the attacker to modify automation projects, control logic, or gain access to the plant network.
Who's at risk
Energy sector organizations—particularly electric utilities and industrial power generation facilities—using Mitsubishi Electric MC-WorX Suite version 8.02 for automation and control system engineering. This affects any operator or engineer who uses their workstation for both automation engineering and internet-connected activities (web browsing, email).
How it could be exploited
An attacker creates a malicious web page or email containing a reference to the vulnerable ActiveX control. When an engineer working on MC-WorX Suite accesses the web page or email in an unpatched browser, the control is instantiated and the attacker's code runs with the engineer's permissions. The attacker can then modify automation projects or pivot to other systems on the plant network.
Prerequisites
  • Engineering workstation with MC-WorX Suite 8.02 installed
  • Internet Explorer or other ActiveX-capable browser used by the engineer
  • User visits attacker-controlled website or opens attacker-crafted email while logged into the engineering workstation
  • No mitigation controls (e.g., killbits or Group Policy disabling ActiveX) in place
No patch availableHigh EPSS score (35.8%)Requires user interaction (social engineering)Affects engineering workstations with network access to production systemsEnd-of-life software with no vendor support
Exploitability
High exploit probability (EPSS 35.8%)
Affected products (1)
ProductAffected VersionsFix Status
MC-WorX Suite: 8.028.02No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/3
WORKAROUNDDisable ActiveX controls in Internet Explorer through Group Policy or local settings on all engineering workstations running MC-WorX Suite
HARDENINGRestrict engineering workstations to a segmented network that does not allow direct internet access from systems running MC-WorX Suite
WORKAROUNDApply Microsoft killbit to disable the vulnerable ActiveX control via Windows Registry or Group Policy if a killbit is made available
Long-term hardening
0/1
HOTFIXUpgrade to a newer version of MC-WorX Suite if available from Mitsubishi Electric, or plan long-term replacement of MC-WorX Suite with a product that has active vendor support
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/94d3a5db-ee6d-444e-9097-75c0fed3c44a
Mitsubishi Electric Automation MC-WorX Suite Unsecure ActiveX Control - OTPulse