ICSA-22-165-03
·
Published 2022-06-14
·
View on CISA ICS-CERT ↗
Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R
CVSS 8.1
HIGH
Risk Summary
Successful exploitation of this vulnerability could result in a denial-of-service condition and/or enable remote code execution.
CVEs (1)
Remediations
- MELSEC-Q Series QJ71E71-100: First five digits of serial number 24062 and later
- MELSEC-L Series LJ71E71-100: First five digits of serial number 24062 and later
- MELSEC iQ-R Series RD81MES96N: firmware Version 09 and later
- For more information on how to patch individual systems, please contact Mitsubishi Electric support.
- If updating to a fixed version is not possible, Mitsubishi Electric recommends users take the following mitigations to minimize risk:
- Use a firewall, virtual private network (VPN), web application firewall (WAF), etc. to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
Affected Vendors
Mitsubishi Electric
Affected Products (3)
Mitsubishi Electric
·
MELSEC iQ-R Series RD81MES96N
<= 08
Mitsubishi Electric
·
MELSEC-L Series LJ71E71-100
<= first five digits of serial number 24061
Mitsubishi Electric
·
MELSEC-Q Series QJ71E71-100
<= first five digits of serial number 24061 24061
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more