CISA 2026-06-30

Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M

Machine-generated analysis · WAYSCloud LLM

The advisory states that a heap-based buffer overflow in the 7-Zip component of MELSOFT Update Manager could allow local attackers to execute arbitrary code via a specially crafted archive file.

Context

Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M is a software tool used to update Mitsubishi Electric automation products. The advisory states that versions prior to 1.015R contain multiple vulnerabilities in the bundled 7-Zip component, which could allow a local attacker to cause denial-of-service, tamper with data, or execute arbitrary code when processing a malicious archive. The affected product is used in critical manufacturing and deployed worldwide. Worth noting is that exploitation requires convincing a legitimate user to decompress a specially crafted file.

Operator considerations

Check: Inventory installations of MELSOFT Update Manager to identify versions earlier than 1.015R.
Patch: Upgrade to version 1.015R or later, as mitigations include a vendor-provided fix.
Log: Monitor file execution and archive extraction activities within the application environment if logging is available.

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included in MELSOFT Update Manager.

The following versions of Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M are affected:

MELSOFT Update Manager SW1DND-UDM-M >=1.000A|=1.000A|

Read the full advisory on CISA →