Information from Edgecross Consortium
Vulnerability ID:JVNVU#96890975
Title:Multiple vulnerabilities in Edgecross Basic Software for Windows
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
[[[ Overview ]]]
The following Windows version of the Edgecross basic software contains multiple vulnerabilities.
- Edgecross Basic Software for Windows ECP-BS1-W, versions from 1.10 to 1.26
[[[ Description ]]]
Edgecross Basic Software for Windows, provided by Edgecross Consortium, contains third-party components.
The following vulnerabilities of the components affect Edgecross Basic Software.
- CVE-2022-0778 (OpenSSL)
- CVE-2022-29862、CVE-2022-29864 (OPC UA .NET Standard Stack)
[[[ Impact ]]]
When Management Shell Service is not stopped, crafted packets may cause the Denial-of-Service (DoS) condition.
[[[ Solution ]]]
A version that fixes this vulnerability has been released, so please update to the latest version.
For inquiries regarding the updated version, please contact Mitsubishi Electric Corporation's technical support desk at the following address.
- <Support Desk (E-mail Address)> iQ-Edgecross-Nagoya@pd.MitsubishiElectric.co.jp
