ICSA-22-090-04 · Published 2022-05-31 · View on CISA ICS-CERT ↗

Mitsubishi Electric FA Products

CVSS 7.4 HIGH

Risk Summary

Successful exploitation of these vulnerabilities may allow an attacker to log in to the affected products and/or alter and obtain sensitive information.

CVEs (6)

CVE-2022-25155 CVE-2022-25156 CVE-2022-25157 CVE-2022-25158 CVE-2022-25159 CVE-2022-25160

Remediations

When communicating via untrusted networks or hosts, encrypt the communication path by setting up a VPN.
Use firewalls or IP filter function to restrict connections to the products and prevent access from untrusted networks or hosts. For details on IP filter function, refer to the following product manual:,empty icsa-22-090-04.json,vendor_fix,“12.1 IP Filter Function” in the MELSEC iQ-F FX 5 User's Manual (Ethernet Communication),empty icsa-22-090-04.json,vendor_fix,"IP filter"" of ""1.13 Security"" in the MELSEC iQ-R Ethernet User's Manual (Application)"
"IP Filter Function" of "6.2 Security Function" in the MELSEC iQ-R Motion Controller Programming Manual (Common)
"IP filter" of "1.4 Security" in the MELSEC iQ-R CC-Link IE TSN User's Manual (Application)
"IP filter" of "9.5 Security" in the MELSEC iQ-R CC-Link IE TSN Plus Master/Local Module User's Manual
"14.3 IP Filter Function" in the Q Corresponding Ethernet Interface Module User's Manual (Basic)
"14.3 IP Filter Function" in the MELSEC-L Ethernet Interface Module User's Manual (Basic)
For more information see Mitsubishi Electric's advisory 2021-031

Affected Vendors

Mitsubishi Electric

Affected Products (26)

Mitsubishi Electric · MELSEC iQ-F Series FX5U(C) CPU modules All models vers:all/*

Mitsubishi Electric · MELSEC iQ-F Series FX5UJ CPU modules All models vers:all/*

Mitsubishi Electric · MELSEC iQ-R series 04/08/16/32/120(EN)CPU vers:all/*

Mitsubishi Electric · MELSEC iQ-R series J71GN11-EIP vers:all/*

Mitsubishi Electric · MELSEC iQ-R series R00/01/02CPU vers:all/*

Mitsubishi Electric · MELSEC iQ-R series R08/16/32/120PCPU vers:all/*

Mitsubishi Electric · MELSEC iQ-R series R08/16/32/120PSFCPU vers:all/*

Mitsubishi Electric · MELSEC iQ-R series R08/16/32/120SFCPU vers:all/*

Mitsubishi Electric · MELSEC iQ-R series R16/32/64MTCPU vers:all/*

Mitsubishi Electric · MELSEC iQ-R series RJ71C24(-R2/R4) vers:all/*

Mitsubishi Electric · MELSEC iQ-R series RJ71EN71 vers:all/*

Mitsubishi Electric · MELSEC iQ-R series RJ71GF11-T2 vers:all/*

Mitsubishi Electric · MELSEC iQ-R series RJ71GN11-T2 vers:all/*

Mitsubishi Electric · MELSEC iQ-R series RJ71GP21(S)-SX vers:all/*

Mitsubishi Electric · MELSEC iQ-R series RJ72GF15-T2 vers:all/*

Mitsubishi Electric · MELSEC L series L02/06/26CPU(-P) L26CPU-(P)BT vers:all/*

Mitsubishi Electric · MELSEC L series LJ71C24(-R2) vers:all/*

Mitsubishi Electric · MELSEC L series LJ71E71-100 vers:all/*

Mitsubishi Electric · MELSEC L series LJ72GF15-T2 vers:all/*

Mitsubishi Electric · MELSEC Q series Q03/04/06/13/26UDVCPU vers:all/*

Mitsubishi Electric · MELSEC Q series Q03UDECPU Q04/06/10/13/20/26/50/100UDEHCPU vers:all/*

Mitsubishi Electric · MELSEC Q series Q04/06/13/26UDPVCPU vers:all/*

Mitsubishi Electric · MELSEC Q series QJ71C24N(-R2/R4) vers:all/*

Mitsubishi Electric · MELSEC Q series QJ71E71-100 vers:all/*

Mitsubishi Electric · MELSEC Q series QJ72BR15 vers:all/*

Mitsubishi Electric · MELSEC Q series QJ72LP25(-25/G/GE) vers:all/*

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more