ICSA-22-102-02  ·  Published 2022-04-12

Mitsubishi Electric MELSEC-Q Series C Controller Module

CVSS 9.0 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could cause a denial-of-service condition or allow remote code execution.

CVEs (1)

Remediations

  • Update to 24032 (first 5 digits of serial number) or later. Contact a Mitsubishi Electric representative for more information.
  • Disable the DHCP function in “Security Settings” of the C language controller settings/monitor tool if the product is in “Extended mode” and the DHCP client function is not required.
  • Update DHCP server to the latest version.
  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  • Use within a trusted LAN that is properly divided by routers and firewalls.
  • For more information, see Mitsubishi Electric's advisory 2022-001.

Affected Vendors

Mitsubishi Electric

Affected Products (1)

Mitsubishi Electric · Module Q12DCCPU-V: first 5 digits of serial number <= 24031

Affected Sectors

Critical Manufacturing
