ICSA-20-317-01
·
Published 2020-11-12
·
View on CISA ICS-CERT ↗
Mitsubishi Electric MELSEC iQ-R Series
CVSS 6.8
MEDIUM
Risk Summary
Successful exploitation of this vulnerability could cause a denial-of-service condition for the affected products.
CVEs (1)
Remediations
- R00/01/02CPU: firmware Versions 20 or later
- R04/08/16/32/120(EN)CPU: firmware Versions 52 or later
- If the web server function is not needed, change the setting for "To Use or Not to Use Web Server” to “Not Use.”
- Use a firewall or virtual private network (VPN), etc., to prevent unauthorized access when Internet access is required.
- Use within a trusted LAN and block access from untrusted networks and hosts through firewall.
- For more information about this vulnerability and the associated mitigations, please see the vulnerability information on the Mitsubishi website.
Affected Vendors
Mitsubishi Electric
Affected Products (2)
Mitsubishi Electric
·
MELSEC iQ-R series CPU module products R04/08/16/32/120(EN) CPU
>= 35 | <= 51
Mitsubishi Electric
·
MELSEC iQ-R series CPU module products R00/01/02 CPU
>= 05 | <=10
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more