ICSA-20-303-02 · Published 2020-10-29 · View on CISA ICS-CERT ↗

Mitsubishi Electric MELSEC iQ-R

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution.

CVEs (6)

CVE-2020-5653 CVE-2020-5654 CVE-2020-5655 CVE-2020-5656 CVE-2020-5657 CVE-2020-5658

Remediations

Block access from untrusted networks and hosts through firewalls.
Please refer to Mitsubishi Electric's website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.

Affected Vendors

Mitsubishi Electric

Affected Products (5)

Mitsubishi Electric · OPC UA Server Module RD81OPC96 <= first 2 digits of serial number are 04

Mitsubishi Electric · High Speed Data Logger Module RD81DL96 <= first 2 digits of serial number are 08

Mitsubishi Electric · EtherNet/IP Network Interface Module RJ71EIP91 <= first 2 digits of serial number are 02

Mitsubishi Electric · PROFINET IO Controller Module RJ71PN92 <= first 2 digits of serial number are 01

Mitsubishi Electric · MES Interface Module RD81MES96N <= first 2 digits of serial number are 04

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more