Messer wrote: try E-Designer 7.40.
CVSS v3 9.8
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Mitsubishi Electric Europe B.V.
Equipment: E-Designer
Vulnerabilities: Heap-Based Buffer Overflow, Stack-Based Buffer Overflow, Out-of-Bounds Write

AFFECTED PRODUCTS
The following version of E-Designer, a Mitsubishi Electric Europe B.V. product to program HMIs for E1000 products, is affected:
• E-Designer, Version 7.52 Build 344.

IMPACT
Successful exploitation of these vulnerabilities can result in corruption of sensitive information, system crash, denial of service, and arbitrary code execution.

MITIGATION
Mitsubishi recommends the following actions to mitigate these vulnerabilities:
• Use E-Designer in a safe, firewalled network.
• Replace E-Designer HMIs with interfaces built with Mitsubishi’s new product, GT Works. E-Designer has been discontinued.
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
• Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
• Locate control system networks and remote devices behind firewalls, and isolate them from the business network.