ICSA-20-161-02
·
Published 2021-04-20
·
View on CISA ICS-CERT ↗
Mitsubishi Electric MELSEC iQ-R Series (Update C)
CVSS 5.3
MEDIUM
Risk Summary
Successful exploitation of this vulnerability could cause the Ethernet port to enter a denial-of-service condition.
CVEs (1)
Remediations
- R00/01/02CPU: Firmware Versions 8 or later
- R04/08/16/32/120CPU, R04/08/16/32/120ENCPU: Firmware Versions 40 or later
- R08/16/32/120SFCPU: Firmware Versions 21 or later
- R08/16/32/120PCPU: Firmware Versions 25 or later
- R08/16/32/120PSFCPU: Firmware Versions 06 or later
- RJ71EN71: Firmware Versions 50 or later
- Mitsubishi Electric recommends users of the affected devices take the following measures for cyber-attacks such as DoS attack or unauthorized access from untrusted networks or hosts.
- Connection to untrusted networks or hosts: Check whether the modules mounted in the equipment used are connected to untrusted networks or hosts.
- Firewalls: If the modules are connected to untrusted networks or hosts, check whether measures such as firewalls are properly configured.
- Please see the publication from Mitsubishi Electric for more information.
Affected Vendors
Mitsubishi Electric
Affected Products (6)
Mitsubishi Electric
·
RJ71EN71
<= 49
Mitsubishi Electric
·
R08/16/32/120SFCPU
<= 20
Mitsubishi Electric
·
R08/16/32/120PSFCPU
<= 05
Mitsubishi Electric
·
R08/16/32/120PCPU
<= 24
Mitsubishi Electric
·
R04/08/16/32/120CPU R04/08/16/32/120ENCPU
<= 39
Mitsubishi Electric
·
R00/01/02CPU
<= 7
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more