← Back to home
ICSA-19-029-02  ·  Published 2025-06-24  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric MELSEC-Q Series PLCs

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a remote attacker to send specially crafted packets to the device via Ethernet, causing Ethernet and USB communication to stop.

CVEs (1)

Remediations

  • Mitsubishi Electric has produced a new version of the firmware. Additional information about this vulnerability or Mitsubishi electric's compensating control is available by contacting a local Mitsubishi Electric representative, which can be found at the following location: https://us.mitsubishielectric.com/fa/en/about-us/distributors
  • Mitsubishi Electric strongly recommends that users should operate the affected device behind a firewall.

Affected Vendors

Mitsubishi Electric

Affected Products (3)

Mitsubishi Electric · Q03/04/06/13/26UDVCPU <=serial_number_20081
Mitsubishi Electric · Q04/06/13/26UDPVCPU <=serial_number_20081
Mitsubishi Electric · Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU <=serial_number_20101

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more