← Back to all briefings

Infrastructure · Credibility 40/100 · · 5 min read

Infrastructure Briefing — MC Works deserialization bugs demand OT segmentation

CISA reports multiple MC Works64/32 broker and server flaws that could enable remote code execution, denial of service, or data tampering when attackers send crafted packets.

Executive briefing: CISA’s MC Works advisory highlights multiple deserialization and SQL injection issues in MC Works64 and MC Works32 brokers, platform services, and FrameWorX servers. The bulletin states that “successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering,” meaning exposed engineering workstations and HMI servers are prime targets.

Immediate actions for control system owners

  • Patch to vendor-supported builds. Mitsubishi Electric advises updating to the latest MC Works64/32 versions or applying security patches available from its MC Works vulnerability portal.
  • Restrict broker and FrameWorX exposure. Block untrusted network paths to Broker64/Broker32, Platform Services, and FrameWorX servers; only allow management access from engineering jump hosts through firewalled segments.
  • Monitor for suspicious serialization traffic. Instrument IDS rules to flag malformed packets that could trigger the CVE-2020-12007/12009/12011/12015 chain and watch FrameWorX for unexpected SQL commands.

Longer-term program improvements

  • Configuration management. Ensure brokers and servers log all administrative actions and retain logs centrally so exploitation attempts are detectable.
  • Vendor coordination. Validate patch availability across all MC Works deployments and document mitigations for instances that cannot be upgraded immediately.
  • Network design. Revisit OT segmentation diagrams to keep MC Works services off routable corporate networks and enforce least privilege for remote clients.

Source excerpts

Primary — impact statement: “Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering.”

CISA ICSA-20-170-02 (Mitsubishi Electric MC Works64, MC Works32)

Primary — vendor mitigation: “Mitsubishi Electric recommends updating to the latest software version or applying security patches.”

CISA ICSA-20-170-02 (Mitsubishi Electric MC Works64, MC Works32)
  • Mitsubishi Electric
  • MC Works
  • deserialization
Back to curated briefings