PT-2022-15872 · Iconics · Genesis64
Published: 2022-01-21 · Updated: 2026-01-08
CVE-2022-23130
CVSS v3.1: 5.9 (Medium)
Vector: AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01)
ICONICS GENESIS64 versions 10.97 and prior
ICONICS Hyper Historian versions 10.97 and prior
Description
A buffer over-read issue allows an attacker to cause a denial of service (DoS) condition in the database server. This can be achieved by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and then executing commands against the database from these applications.
Recommendations
For Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), consider disabling the import of configuration files until a patch is available.
For ICONICS GENESIS64 versions 10.97 and prior, restrict access to the database server to minimize the risk of exploitation.
For ICONICS Hyper Historian versions 10.97 and prior, avoid executing commands against the database from Hyper Historian until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Buffer Over-read
Out of bounds Read
Affected Products
Genesis64
Hyper Historian
MC Works64