Mitsubishi Electric MELSEC and MELIPC Series (Update G)

Risk Summary

Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition. Recovery requires a system reset.

CVEs (3)

Remediations

• Mitsubishi Electric corrected the vulnerabilities in the following products and intends to do the same with other products.
• MELSEC iQ-R Series R00CPU Firmware: Versions 25 or later
• MELSEC iQ-R Series R01CPU Firmware: Versions 25 or later
• MELSEC iQ-R Series R02CPU Firmware: Versions 25 or later
• MELSEC iQ-R Series R04(EN)CPU Firmware: Versions 58 or later
• MELSEC iQ-R Series R08(EN)CPU Firmware: Versions 58 or later
• MELSEC iQ-R Series R16(EN)CPU Firmware: Versions 58 or later
• MELSEC iQ-R Series R32(EN)CPU Firmware: Versions 58 or later
• MELSEC iQ-R Series R120(EN)CPU Firmware: Versions 58 or later
• MELSEC iQ-R Series R08SFCPU Firmware: Versions 27 or later
• MELSEC iQ-R Series R16SFCPU Firmware: Versions 27 or later
• MELSEC iQ-R Series R32SFCPU Firmware: Versions 27 or later
• MELSEC iQ-R Series R120SFCPU Firmware: Versions 27 or later
• MELSEC iQ-R Series R08PCPU Firmware: Versions 30 or later
• MELSEC iQ-R Series R16PCPU Firmware: Versions 30 or later
• MELSEC iQ-R Series R32PCPU Firmware: Versions 30 or later
• MELSEC iQ-R Series R120PCPU Firmware: Versions 30 or later
• MELSEC iQ-R Series R08PSFCPU Firmware: Versions 09 or later
• MELSEC iQ-R Series R16PSFCPU Firmware: Versions 09 or later
• MELSEC iQ-R Series R32PSFCPU Firmware: Versions 09 or later
• MELSEC iQ-R Series R120PSFCPU Firmware: Versions 09 or later
• MELSEC iQ-R Series R16MTCPU Operating system: software Version 24 or later
• MELSEC iQ-R Series R32MTCPU Operating system: software Version 24 or later
• MELSEC iQ-R Series R64MTCPU Operating system: software Version 24 or later
• MELSEC iQ-R Series R12CCPU-V Firmware: Versions 17 or later
• MELSEC Q Series Q03UDECPU The first 5 digits of serial No.: 23122 or later
• MELSEC Q Series Q04UDEHCPU The first 5 digits of serial No.: 23122 or later
• MELSEC Q Series Q06UDEHCPU The first 5 digits of serial No.: 23122 or later
• MELSEC Q Series Q10UDEHCPU The first 5 digits of serial No.: 23122 or later
• MELSEC Q Series Q13UDEHCPU The first 5 digits of serial No.: 23122 or later
• MELSEC Q Series Q20UDEHCPU The first 5 digits of serial No.: 23122 or later
• MELSEC Q Series Q26UDEHCPU The first 5 digits of serial No.: 23122 or later
• MELSEC Q Series Q50UDEHCPU The first 5 digits of serial No.: 23122 or later
• MELSEC Q Series Q100UDEHCPU The first 5 digits of serial No.: 23122 or later
• MELSEC Q Series Q03UDVCPU The first 5 digits of serial No.: 23072 or later
• MELSEC Q Series Q04UDVCPU The first 5 digits of serial No.: 23072 or later
• MELSEC Q Series Q06UDVCPU The first 5 digits of serial No.: 23072 or later
• MELSEC Q Series Q13UDVCPU The first 5 digits of serial No.: 23072 or later
• MELSEC Q Series Q26UDVCPU The first 5 digits of serial No.: 23072 or later
• MELSEC Q Series Q04UDPVCPU The first 5 digits of serial No.: 23072 or later
• MELSEC Q Series Q06UDPVCPU The first 5 digits of serial No.: 23072 or later
• MELSEC Q Series Q13UDPVCPU The first 5 digits of serial No.: 23072 or later
• MELSEC Q Series Q26UDPVCPU The first 5 digits of serial No.: 23072 or later
• MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No.: 24032 or later
• MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No.: 24032 or later
• MELSEC Q Series Q24DHCCPU-LS The first 5 digits of serial No.: 24032 or later
• MELSEC Q Series Q26DHCCPU-LS The first 5 digits of serial No.: 24032 or later
• MELSEC Q Series MR-MQ100 Operating system: software version G or later
• MELSEC Q Series Q172DCPU-S1 Operating system: software version X or later
• MELSEC Q Series Q173DCPU-S1 Operating system: software version X or later
• MELSEC Q Series Q172DSCPU Operating system: software version Z or later
• MELSEC Q Series Q173DSCPU Operating system: software version Z or later
• MELSEC Q Series Q170MCPU Operating system: software version X or later
• MELSEC Q Series Q170MSCPU(-S1) Operating system: software version Z or later
• MELSEC L Series L02CPU(-P) The first 5 digits of serial No.: 23122 or later
• MELSEC L Series L06CPU(-P) The first 5 digits of serial No.: 23122 or later
• MELSEC L Series L26CPU(-P) The first 5 digits of serial No.: 23122 or later
• MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No.: 23122 or later
• MELIPC Series MI5122-VW Firmware: Versions 06 or later
• Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of an attacker exploiting these vulnerabilities:
• Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
• Use a LAN and block access from untrusted networks and hosts through firewalls.
• Use the remote password function or IP filter function to block access from untrusted hosts. For details on the remote password function and IP filter function, please refer to the following manual for each product.
• MELSEC iQ-R Ethernet User's Manual (Application) 1.13 Security "Remote password" "IP filter"
• MELSEC iQ-R Motion Controller Programming Manual (Common) 6.2 Security Function "IP filter"
• MELSEC iQ-R C Controller Module User's Manual (Application) 6.6 Security Function "IP filter"
• QnUCPU User's Manual (Communication via Built-in Ethernet Port) CHAPTER 10 REMOTE PASSWORD
• MELSEC-L CPU Module User's Manual (Built-In Ethernet Function) CHAPTER 11 REMOTE PASSWORD
• MELIPC MI5000 Series User's Manual (Application) 11.3 IP Filter Function
• For specific update instructions and additional details, see the [Mitsubishi Electric advisory].(https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf).

Affected Vendors

Affected Products (58)

Affected Sectors

Critical Manufacturing