ICSA-19-311-01
·
Published 2019-11-07
·
View on CISA ICS-CERT ↗
Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules
CVSS 7.5
HIGH
Risk Summary
Successful exploitation of this vulnerability may prevent the FTP client from connecting to the FTP server on MELSEC-Q Series and MELSEC-L Series CPU module.
CVEs (1)
Remediations
- Mitsubishi Electric has produced a new version of the firmware. Additional information about this vulnerability or Mitsubishi Electric's compensating control is available by contacting a local Mitsubishi Electric representative
- Mitsubishi Electric strongly recommends that users should operate the affected device behind a firewall.
Affected Vendors
Mitsubishi Electric
Affected Products (6)
Mitsubishi Electric
·
Q04/06/13/26UDPVCPU
<= 21081
Mitsubishi Electric
·
L02/06/26CPU L26CPU-BT
<= 21101
Mitsubishi Electric
·
Q03/04/06/13/26UDVCPU
<= 21081
Mitsubishi Electric
·
L02/06/26CPU-P L26CPU-PBT
<= 21101
Mitsubishi Electric
·
L02/06/26CPU-CM L26CPU-BT-CM
<= 21101
Mitsubishi Electric
·
Q03UDECPU Q04/06/10/13/20/26/50/100UDEHCPU
<= 21081
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more