← Back to home
ICSA-20-324-05  ·  Published 2021-12-16  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric MELSEC iQ-R Series (Update C)

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could cause a denial-of-service condition for the affected product.

CVEs (1)

Remediations

  • Mitsubishi Electric has issued the following iQ-R Series firmware versions to address this issue: R00/01/02CPU: firmware Versions 20 or later
  • Mitsubishi Electric has issued the following iQ-R Series firmware versions to address this issue: R04/08/16/32/120 (EN) CPU: firmware Versions 52 or later
  • Mitsubishi Electric has issued the following iQ-R Series firmware versions to address this issue: R08/16/32/120SFCPU: firmware Versions 23 or later
  • Mitsubishi Electric has issued the following iQ-R Series firmware versions to address this issue: R08/16/32/120PCPU: firmware Versions 26 or later
  • Mitsubishi Electric has issued the following iQ-R Series firmware versions to address this issue: R08/16/32/120PSFCPU: firmware Versions 07 or later
  • Mitsubishi Electric has issued the following iQ-R Series firmware versions to address this issue: RJ71EN71: firmware Versions 48 or later
  • Mitsubishi Electric has issued the following iQ-R Series firmware versions to address this issue: RJ71GF11-T2: firmware Versions 48 or later
  • Mitsubishi Electric has issued the following iQ-R Series firmware versions to address this issue: RJ72GF15-T2: firmware Versions 08 or later
  • Mitsubishi Electric has issued the following iQ-R Series firmware versions to address this issue: RJ71GP21-SX: firmware Versions 48 or later
  • Mitsubishi Electric has issued the following iQ-R Series firmware versions to address this issue: RJ71GP21S-SX: firmware Versions 48 or later
  • Mitsubishi Electric has issued the following iQ-R Series firmware versions to address this issue: RJ71GN11-T2: firmware Versions 12 or later
  • For more information about this vulnerability and the associated mitigations, please see the vulnerability information on the Mitsubishi website.
  • Use a firewall or virtual private network (VPN), etc., to prevent unauthorized access when Internet access is required.
  • Use within a LAN and block access from untrusted networks and hosts through firewalls.

Affected Vendors

Mitsubishi Electric

Affected Products (12)

Mitsubishi Electric · RJ71GF11-T2 <= 47
Mitsubishi Electric · RJ71C24(-R2/R4) vers:all/*
Mitsubishi Electric · RJ71GP21S-SX <= 47
Mitsubishi Electric · RJ72GF15-T2 <= 07
Mitsubishi Electric · R08/16/32/120SFCPU <= 22
Mitsubishi Electric · R08/16/32/120PSFCPU <= 06
Mitsubishi Electric · RJ71GP21-SX <= 47
Mitsubishi Electric · R04/08/16/32/120(EN)CPU <= 51
Mitsubishi Electric · RJ71GN11-T2 <= 11
Mitsubishi Electric · R00/01/02CPU <= 19
Mitsubishi Electric · RJ71EN71 <= 47
Mitsubishi Electric · R08/16/32/120PCPU <= 25

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more