ICSA-21-280-04
Published 2021-10-28
Mitsubishi Electric MELSEC iQ-R Series C Controller Module (Update B)
CVSS 6.8 (MEDIUM)
Risk Summary
Successful exploitation of this vulnerability could prevent the module from starting up. If successfully exploited, a system reset would be required for recovery.
CVEs (1)
Remediations
- Mitsubishi Electric recommends users update affected devices to Firmware Version 17 or later. For specific update instructions and additional details, see the Mitsubishi Electric advisory.
- If a System WDT error occurs at startup, there is a possibility the C Controller Module has been attacked. In this case, disconnect the LAN cable of the module and restart. After confirming the module has started normally, make a LAN connection.
- Regardless of whether the above error occurred, Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploitation of this vulnerability:
  - Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  - Use within a LAN and block access from untrusted networks and hosts through firewalls.
Affected Vendors
Mitsubishi Electric
Affected Products (1)
Mitsubishi Electric · R12CCPU-V · <= 16
Affected Sectors
Critical Manufacturing