ICSA-16-336-03
·
Published 2025-06-05
·
View on CISA ICS-CERT ↗
Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module Vulnerabilities
CVSS 8.6
HIGH
CVEs (2)
Remediations
- Mitsubishi Electric has released a product revision for newer devices with serial numbers 18072 and later to implement IP filtering for the QJ71E71-100, QJ71E71-B5, and QJ71E71-B2 Ethernet interface modules. Mitsubishi Electric reports that the IP filter function improves access prevention from external sources
- however, the IP filter function does not completely prevent unauthorized access. Additional measures to encrypt communications pathway are required, such as IPsec. The cryptographic algorithm vulnerability will not be addressed.
- Additional information about the vulnerabilities or Mitsubishi Electric’s compensating control is available by contacting a local Mitsubishi representative, which can be found at the following location: (https://us.mitsubishielectric.com/fa/en/about-us/distributors)
- Mitsubishi Electric strongly recommends that users should operate the affected device behind a firewall.
Affected Vendors
Mitsubishi Electric
Affected Products (3)
Mitsubishi Electric
·
QJ71E71-100
vers:all/*
Mitsubishi Electric
·
QJ71E71-B5
vers:all/*
Mitsubishi Electric
·
QJ71E71-B2
vers:all/*
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more