← Back to home
ICSA-20-245-01  ·  Published 2024-06-13  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric Multiple Products (Update G)

CVSS 7.3 HIGH

Risk Summary

Successful exploitation of this vulnerability could be used to hijack TCP sessions and allow remote command execution.

CVEs (1)

Remediations

  • Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk of exploiting this vulnerability:
  • Use a firewall or VPN, etc., to prevent unauthorized access when Internet access is required.
  • Use within a LAN and ensure that they are not accessible from untrusted networks and hosts.
  • Restrict physical access to affected products and any network devices on the network to which the products are connected (e.g., storing in locked cabinets, attaching seals to unused Ethernet ports).
  • Install an antivirus software in your computer to access the product.
  • Mitsubishi Electric has also released the following fixed versions, some products cannot be updated to the fixed version. Please check the Mitsubishi Electric website for details.
  • R12CCPU-V: Version 14 or later
  • RD55UP06-V: Version 10 or later
  • RD55UP12-V: Version 02 or later
  • RJ71GN11-T2: Version 12 or later
  • Q03UDECPU: the first 5 digits of serial number 22082 or later
  • Q24DHCCPU-V: the first 5 digits of serial number 24032 or later
  • Q24DHCCPU-VG: the first 5 digits of serial number 24032 or later
  • Q04UDEHCPU: the first 5 digits of serial number 22082 or later
  • Q06UDEHCPU: the first 5 digits of serial number 22082 or later
  • Q10UDEHCPU: the first 5 digits of serial number 22082 or later
  • Q13UDEHCPU: the first 5 digits of serial number 22082 or later
  • Q20UDEHCPU: the first 5 digits of serial number 22082 or later
  • Q26UDEHCPU: the first 5 digits of serial number 22082 or later
  • Q50UDEHCPU: the first 5 digits of serial number 22082 or later
  • Q100UDEHCPU: the first 5 digits of serial number 22082 or later
  • Q03UDVCPU: the first 5 digits of serial number 22032 or later
  • Q04UDVCPU: the first 5 digits of serial number 22032 or later
  • Q06UDVCPU: the first 5 digits of serial number 22032 or later
  • Q13UDVCPU: the first 5 digits of serial number 22032 or later
  • Q26UDVCPU: the first 5 digits of serial number 22032 or later
  • Q04UDPVCPU: the first 5 digits of serial number 22032 or later
  • Q06UDPVCPU: the first 5 digits of serial number 22032 or later
  • Q13UDPVCPU: the first 5 digits of serial number 22032 or later
  • Q26UDPVCPU: the first 5 digits of serial number 22032 or later
  • L02CPU(-P): the first 5 digits of serial number 22052 or later
  • L06CPU(-P): the first 5 digits of serial number 22052 or later
  • L26CPU(-P): the first 5 digits of serial number 22052 or later
  • L26CPU-(P)BT: the first 5 digits of serial number 22052 or later
  • R08SFCPU: Version 23 or later
  • R16SFCPU: Version 23 or later
  • R32SFCPU: Version 23 or later
  • R120SFCPU: Version 23 or later
  • R08PSFCPU: Version 06 or later
  • R16PSFCPU: Version 06 or later
  • R32PSFCPU: Version 06 or later
  • R120PSFCPU: Version 06 or later
  • R08PCPU: Version 25 or later
  • R16PCPU: Version 25 or later
  • R32PCPU: Version 25 or later
  • R120PCPU: Version 25 or later
  • R00CPU: Version 19 or later
  • R01CPU: Version 19 or later
  • R02CPU: Version 19 or later
  • R04CPU: Version 51 or later
  • R08CPU: Version 51 or later
  • R16CPU: Version 51 or later
  • R32CPU: Version 51 or later
  • R120CPU: Version 51 or later
  • R04ENCPU: Version 51 or later
  • R08ENCPU: Version 51 or later
  • R16ENCPU: Version 51 or later
  • R32ENCPU: Version 51 or later
  • R120ENCPU: Version 51 or later
  • FX5U(C)-**M*/** Serial number 17X**** or later, Version 1.210 and prior: Update to Version 1.211 or later
  • FX5U(C)-**M*/** Serial number 179**** and prior, Version 1.070 and prior: Update to Version 1.071 or later
  • FX5UC-32M*/**-TS, Version 1.210 and prior: Update to Version 1.211 or later
  • FX5UJ-**M*/**, Version 1.000: Update to Version 1.001 or later
  • FX5-ENET: Version 1.003 or later
  • FX5-ENET/IP: Version 1.003 or later
  • FX3U-ENET-ADP: Version 1.24 or later
  • FX3GE-**M*/**: the first 3 digits of serial number 20Y or later
  • FX3U-ENET: Version 1.16 or later
  • FX3U-ENET-L: Version 1.16 or later
  • FX3U-ENET-P502: Version 1.16 or later
  • FX5-CCLGN-MS: Version 1.001 or later
  • FR-A800-E Series: production date January 2021 or later
  • FR-F800-E Series: production date January 2021 or later
  • FR-A8NCG: production date September 2020 or later
  • FR-E800-EPA Series: production date August 2020 or later
  • FR-E800-EPB Series: production date August 2020 or later
  • RJ71EN71: Version 49 or later
  • QJ71E71-100: the first 5 digits of serial number 22102 or later
  • LJ71E71-100: the first 5 digits of serial number 22102 or later
  • QJ71MT91: the first 5 digits of serial number 22102 or later
  • NZ2GACP620-60: Version 1.04E or later
  • NZ2GACP620-300: Version 1.04E or later
  • LE7-40GU-L: screen package data, version 1.02 or later
  • GOT2000 Series GT21 Model: Version 01.45.000 or later
  • GS Series GS21 Model: Version 01.45.000 or later
  • GT25-J71GN13-T2: Version 04 or later
  • RD78G4: Version 16 or later
  • RD78G8: Version 16 or later
  • RD78G16: Version 16 or later
  • RD78G32: Version 16 or later
  • RD78G64: Version 16 or later
  • RD78GHV: Version 16 or later
  • RD78GHW: Version 16 or later
  • Please contact a Mitsubishi Electric representative for more information.

Affected Vendors

Mitsubishi Electric

Affected Products (104)

Mitsubishi Electric · QJ71MES96 vers:all/*
Mitsubishi Electric · QJ71WS96 vers:all/*
Mitsubishi Electric · Q06CCPU-V vers:all/*
Mitsubishi Electric · Q24DHCCPU-V <=the_first_5_digits_of_serial_number_24031
Mitsubishi Electric · Q24DHCCPU-VG <=the_first_5_digits_of_serial_number_24031
Mitsubishi Electric · R12CCPU-V <=13
Mitsubishi Electric · RD55UP06-V <=09
Mitsubishi Electric · RD55UP12-V 01
Mitsubishi Electric · RJ71GN11-T2 <=11
Mitsubishi Electric · RD78G4 <=14
Mitsubishi Electric · RD78G8 <=14
Mitsubishi Electric · RD78G16 <=14
Mitsubishi Electric · RD78G32 <=14
Mitsubishi Electric · RD78G64 <=14
Mitsubishi Electric · RD78GHV <=14
Mitsubishi Electric · RD78GHW <=14
Mitsubishi Electric · NZ2FT-MT vers:all/*
Mitsubishi Electric · NZ2FT-EIP vers:all/*
Mitsubishi Electric · Q03UDECPU <=the_first_5_digits_of_serial_number_22081
Mitsubishi Electric · Q04UDEHCPU <=the_first_5_digits_of_serial_number_22081
Mitsubishi Electric · Q06UDEHCPU <=the_first_5_digits_of_serial_number_22081
Mitsubishi Electric · Q10UDEHCPU <=the_first_5_digits_of_serial_number_22081
Mitsubishi Electric · Q13UDEHCPU <=the_first_5_digits_of_serial_number_22081
Mitsubishi Electric · Q20UDEHCPU <=the_first_5_digits_of_serial_number_22081
Mitsubishi Electric · Q26UDEHCPU <=the_first_5_digits_of_serial_number_22081
Mitsubishi Electric · Q50UDEHCPU <=the_first_5_digits_of_serial_number_22081
Mitsubishi Electric · Q100UDEHCPU <=the_first_5_digits_of_serial_number_22081
Mitsubishi Electric · Q03UDVCPU <=the_first_5_digits_of_serial_number_22031
Mitsubishi Electric · Q04UDVCPU <=the_first_5_digits_of_serial_number_22031
Mitsubishi Electric · Q06UDVCPU <=the_first_5_digits_of_serial_number_22031
Mitsubishi Electric · Q13UDVCPU <=the_first_5_digits_of_serial_number_22031
Mitsubishi Electric · Q26UDVCPU <=the_first_5_digits_of_serial_number_22031
Mitsubishi Electric · Q04UDPVCPU <=the_first_5_digits_of_serial_number_22031
Mitsubishi Electric · Q06UDPVCPU <=the_first_5_digits_of_serial_number_22031
Mitsubishi Electric · Q13UDPVCPU <=the_first_5_digits_of_serial_number_22031
Mitsubishi Electric · Q26UDPVCPU <=the_first_5_digits_of_serial_number_22031
Mitsubishi Electric · L02CPU(-P) <=the_first_5_digits_of_serial_number_22051
Mitsubishi Electric · L06CPU(-P) <=the_first_5_digits_of_serial_number_22051
Mitsubishi Electric · L26CPU(-P) <=the_first_5_digits_of_serial_number_22051
Mitsubishi Electric · L26CPU-(P)BT <=the_first_5_digits_of_serial_number_22051
Mitsubishi Electric · R00CPU <=18
Mitsubishi Electric · R01CPU <=18
Mitsubishi Electric · R02CPU <=18
Mitsubishi Electric · R04CPU <=50
Mitsubishi Electric · R08CPU <=50
Mitsubishi Electric · R16CPU <=50
Mitsubishi Electric · R32CPU <=50
Mitsubishi Electric · R120CPU <=50
Mitsubishi Electric · R04ENCPU <=50
Mitsubishi Electric · R08ENCPU <=50
Mitsubishi Electric · R16ENCPU <=50
Mitsubishi Electric · R32ENCPU <=50
Mitsubishi Electric · R120ENCPU <=50
Mitsubishi Electric · R08SFCPU <=22
Mitsubishi Electric · R16SFCPU <=22
Mitsubishi Electric · R32SFCPU <=22
Mitsubishi Electric · R120SFCPU <=22
Mitsubishi Electric · R08PCPU <=24
Mitsubishi Electric · R16PCPU <=24
Mitsubishi Electric · R32PCPU <=24
Mitsubishi Electric · R120PCPU <=24
Mitsubishi Electric · R08PSFCPU <=05
Mitsubishi Electric · R16PSFCPU <=05
Mitsubishi Electric · R32PSFCPU <=05
Mitsubishi Electric · R120PSFCPU <=05
Mitsubishi Electric · FX5U(C)-**M*/** Serial number 17X**** or later <=1.210
Mitsubishi Electric · FX5U(C)-**M*/** Serial number 179**** and prior <=1.070
Mitsubishi Electric · FX5UC-32M*/**-TS <=1.210
Mitsubishi Electric · FX5UJ-**M*/** 1.000
Mitsubishi Electric · FX5-ENET <=1.002
Mitsubishi Electric · FX5-ENET/IP <=1.002
Mitsubishi Electric · FX3U-ENET-ADP <=1.22
Mitsubishi Electric · FX3GE-**M*/** <=the_first_3_digits_of_serial_number_20X
Mitsubishi Electric · FX3U-ENET <=1.14
Mitsubishi Electric · FX3U-ENET-L <=1.14
Mitsubishi Electric · FX3U-ENET-P502 <=1.14
Mitsubishi Electric · FX5-CCLGN-MS 1.000
Mitsubishi Electric · IU1-1M20-D vers:all/*
Mitsubishi Electric · LE7-40GU-L screen package data <=1.01
Mitsubishi Electric · GOT2000 Series GT21 Model <=01.44.000
Mitsubishi Electric · GS Series GS21 Model <=01.44.000
Mitsubishi Electric · GOT1000 Series GT14 Model vers:all/*
Mitsubishi Electric · FR-A800-E Series <=production_date_December_2020
Mitsubishi Electric · FR-F800-E Series <=production_date_December_2020
Mitsubishi Electric · FR-A8NCG <=Production_date_August_2020
Mitsubishi Electric · FR-E800-EPA Series <=Production_date_July_2020
Mitsubishi Electric · FR-E800-EPB Series <=Production_date_July_2020
Mitsubishi Electric · Conveyor Tracking Application APR-1TR3FH (Discontinued product) vers:all/*
Mitsubishi Electric · Conveyor Tracking Application APR-1TR6FH (Discontinued product) vers:all/*
Mitsubishi Electric · Conveyor Tracking Application APR-1TR12FH (Discontinued product) vers:all/*
Mitsubishi Electric · Conveyor Tracking Application APR-1TR20FH (Discontinued product) vers:all/*
Mitsubishi Electric · Conveyor Tracking Application APR-2TR3FH (Discontinued product) vers:all/*
Mitsubishi Electric · Conveyor Tracking Application APR-2TR6FH (Discontinued product) vers:all/*
Mitsubishi Electric · Conveyor Tracking Application APR-2TR12FH (Discontinued product) vers:all/*
Mitsubishi Electric · Conveyor Tracking Application APR-2TR20FH (Discontinued product) vers:all/*
Mitsubishi Electric · MR-JE-C vers:all/*
Mitsubishi Electric · MR-J4-TM vers:all/*
Mitsubishi Electric · RJ71EN71 <=48
Mitsubishi Electric · QJ71E71-100 <=the_first_5_digits_of_serial_number_21092
Mitsubishi Electric · LJ71E71-100 <=the_first_5_digits_of_serial_number_21092
Mitsubishi Electric · QJ71MT91 <=the_first_5_digits_of_serial_number_20082
Mitsubishi Electric · NZ2GACP620-60 <=1.03D
Mitsubishi Electric · NZ2GACP620-300 <=1.03D
Mitsubishi Electric · GT25-J71GN13-T2 <=03

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more