Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Double-Free Vulnerability in CC-Link IE TSN Industrial Managed Switch
Alerts

Double-Free Vulnerability in CC-Link IE TSN Industrial Managed Switch

11 October 2023

Security researchers have discovered a double-free vulnerability (CVE-2022-4450) in the CC-Link IE TSN Industrial Managed Switch.

The vulnerability affects all versions of the CC-Link IE TSN Industrial Managed Switch (models NZ2MHG-TSNT8F2 and NZ2MHG-TSNT4). Successful exploitation of the vulnerability could result in denial-of-service (DoS).

Administrators are advised to address this vulnerability by adopting the following measures:

  • Use a Virtual Private Network (VPN) or other means to prevent unauthorised access when internet access is required

  • Use the products within a LAN and block access from untrusted networks and hosts

  • Restrict physical access to your computer and network equipment on the same network

  • Change username and password from default setting at [Account Management] displayed on the function menu once you log into NZ2MHG-TSNT8F2 or NZ2MHG-TSNT4 with the web interface. Also, set the proper access permissions for the users

More information is available here:
https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-03
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-011_en.pdf

Back to top