CVE-2025-3128
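Mitsubishi Electric smartRTU devices contain a CWE-78 vulnerability that a remote attacker can exploit to execute arbitrary OS commands, leading to information disclosure, destruction, or service disruption. Recommended measures include using firewalls, VPNs, and WAFs to restrict access and filter malicious traffic. 2025-4-15 09:11:0 Author: claroty.com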

Critical Threat

CWE-78 Improper Neutralization of Special Elements used in an OS Command:

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of-service condition on the product.

Mitsubishi Electric Europe B.V. recommends that users take note of the following mitigation measures to minimize the risk of exploiting this vulnerability:

  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  • Use within a LAN and block access from untrusted networks and hosts through firewalls.
  • Use a web application firewall (WAF) to filter, monitor and block any malicious HTTP/HTTPS traffic.
  • Allow web client access from trusted networks only.

Source: https://claroty.com/team82/disclosure-dashboard/cve-2025-3128