ICSA-21-287-03  ·  Published 2024-04-18  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric MELSEC iQ-R Series

CVSS 9.1 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow a remote attacker to log in to the CPU module by obtaining credentials.

CVEs (1)

Remediations

Mitsubishi Electric has prepared the following countermeasures:

  • MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU: Firmware versions "27" or later
  • MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU: Firmware versions "12" or later

Customers using the affected products and versions may take measures through mitigations and workarounds. Mitsubishi Electric has released the fixed versions shown above, but updating the product to the fixed version is not available. Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk associated with this vulnerability:

  • Use a firewall or virtual private network (VPN) to prevent unauthorized access when Internet access is required.
  • Use the product within a LAN and block access from untrusted networks and hosts through firewalls.
  • Use the IP filter function to restrict the accessible IP addresses.

Please refer to the Mitsubishi Electric advisory for further details.

Affected Vendors

Mitsubishi Electric Corporation

Affected Products (8)

Mitsubishi Electric Corporation · MELSEC iQ-R series Safety CPU R08SFCPU Firmware <=26
Mitsubishi Electric Corporation · MELSEC iQ-R series Safety CPU R16SFCPU Firmware <=26
Mitsubishi Electric Corporation · MELSEC iQ-R series Safety CPU R32SFCPU Firmware <=26
Mitsubishi Electric Corporation · MELSEC iQ-R series Safety CPU R120SFCPU Firmware <=26
Mitsubishi Electric Corporation · MELSEC iQ-R series SIL2 Process CPU R08PSFCPU Firmware <=11
Mitsubishi Electric Corporation · MELSEC iQ-R series SIL2 Process CPU R16PSFCPU Firmware <=11
Mitsubishi Electric Corporation · MELSEC iQ-R series SIL2 Process CPU R32PSFCPU Firmware <=11
Mitsubishi Electric Corporation · MELSEC iQ-R series SIL2 Process CPU R120PSFCPU Firmware <=11

Affected Sectors

Critical Manufacturing
