← Back to home
ICSA-22-172-01  ·  Published 2024-05-30  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series (Update C)

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could result in a denial-of-service condition for Ethernet communication. A system restart would be required to restore functionality.

CVEs (1)

Remediations

  • Mitsubishi has fixed the vulnerability in the following products:
  • MELSEC iQ-R Series R12CCPU-V CPU: Firmware Version 17 and later
  • MELSEC Q Series Q03UDECPU: Versions with the first 5 digits of serial No. 24062 and later
  • MELSEC Q Series Q04UDECPU: Versions with the first 5 digits of serial No. 24062 and later
  • MELSEC Q Series Q06UDECPU: Versions with the first 5 digits of serial No. 24062 and later
  • MELSEC Q Series Q10UDECPU: Versions with the first 5 digits of serial No. 24062 and later
  • MELSEC Q Series Q13UDECPU: Versions with the first 5 digits of serial No. 24062 and later
  • MELSEC Q Series Q20UDECPU: Versions with the first 5 digits of serial No. 24062 and later
  • MELSEC Q Series Q26UDECPU: Versions with the first 5 digits of serial No. 24062 and later
  • MELSEC Q Series Q50UDECPU: Versions with the first 5 digits of serial No. 24062 and later
  • MELSEC Q Series Q100UDECPU: Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC Q Series Q03UDVCPU: Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC Q Series Q04UDVCPU: Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC Q Series Q06UDVCPU: Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC Q Series Q13UDVCPU: Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC Q Series Q26UDVCPU: Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC Q Series Q04UDPVCPU: Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC Q Series Q06UDPVCPU: Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC Q Series Q13UDPVCPU: Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC Q Series Q26UDPVCPU: Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC Q Series Q12DCCPU-V: Versions with the first 5 digits of serial No. 25062 and later
  • MELSEC Q Series Q24DHCCPU-V(G): Versions with the first 5 digits of serial No. 25062 and later
  • MELSEC Q Series Q24DHCCPU-LS: Versions with the first 5 digits of serial No. 25062 and later
  • MELSEC Q Series Q26DHCCPU-LS: Versions with the first 5 digits of serial No. 25062 and later
  • MELSEC L Series L02CPU(-P): Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC L Series L06CPU(-P): Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC L Series L26CPU(-P): Versions with the first 5 digits of serial No. 24052 and later
  • MELSEC L Series L26CPU-(P)BT: Versions with the first 5 digits of serial No. 24052 and later
  • MELIPC Series MI5122-VW CPU: Firmware Version 06 and later
  • Mitsubishi Electric recommends customers apply the following countermeasures:
  • MELSEC iQ-R Series:
  • Customers using the MELSEC iQ-R Series firmware versions 08 and prior will be unable to update to the fixed version. Take the mitigation measures that are common to all affected products found later in the advisory.
  • Customers using the MELSEC iQ-R Series firmware versions 09 and later are recommended to download and install the updated firmware. Please refer to the MELSEC iQ-R Module Configuration Manual "Appendix 2 Firmware Update Function" for instructions on how to update the firmware.
  • MELSEC Q Series:
  • Customers using the MELSEC Q Series will be unable to update to the respective fixed versions. Mitsubishi Electric recommends customers consider migrating to the MELSEC iQ-R Series. Take the mitigation measures that are common to all affected products found later in the advisory.
  • MELSEC L Series:
  • Customers using the MELSEC L Series will be unable to update to the respective fixed versions. Mitsubishi Electric recommends customers consider migrating to the MELSEC iQ-R Series. Take the mitigation measures that are common to all affected products found later in the advisory.
  • MELIPC Series:
  • Customers using the MELIPC Series will be unable to update to the fixed version. Take the mitigation measures that are common to all affected products found later in the advisory.
  • Mitsubishi Electric recommends the following mitigation measures as being common to all affected products:
  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  • Use within a LAN and block access from untrusted networks and hosts through firewalls.
  • For additional information, such as how to check device or firmware versions, see the Mitsubishi Electric security advisory.
  • Please contact Mitsubishi Electric customer support for more information on how to update specific hardware.

Affected Vendors

Mitsubishi Electric

Affected Products (28)

Mitsubishi Electric · MELSEC iQ-R Series R12CCPU-V CPU Firmware <=16
Mitsubishi Electric · MELSEC Q Series Q03UDECPU <=with_the_first_5_digits_of_serial_number_24061
Mitsubishi Electric · MELSEC Q Series Q04UDECPU <=with_the_first_5_digits_of_serial_number_24061
Mitsubishi Electric · MELSEC Q Series Q06UDECPU <=with_the_first_5_digits_of_serial_number_24061
Mitsubishi Electric · MELSEC Q Series Q10UDECPU <=with_the_first_5_digits_of_serial_number_24061
Mitsubishi Electric · MELSEC Q Series Q13UDECPU <=with_the_first_5_digits_of_serial_number_24061
Mitsubishi Electric · MELSEC Q Series Q20UDECPU <=with_the_first_5_digits_of_serial_number_24061
Mitsubishi Electric · MELSEC Q Series Q26UDECPU <=with_the_first_5_digits_of_serial_number_24061
Mitsubishi Electric · MELSEC Q Series Q50UDECPU <=with_the_first_5_digits_of_serial_number_24061
Mitsubishi Electric · MELSEC Q Series Q100UDECPU <=with_the_first_5_digits_of_serial_number_24061
Mitsubishi Electric · MELSEC Q Series Q03UDVCPU <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC Q Series Q04UDVCPU <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC Q Series Q06UDVCPU <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC Q Series Q13UDVCPU <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC Q Series Q26UDVCPU <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC Q Series Q04UDPVCPU <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC Q Series Q06UDPVCPU <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC Q Series Q13UDPVCPU <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC Q Series Q26UDPVCPU <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC Q Series Q12DCCPU-V <=with_the_first_5_digits_of_serial_number_25061
Mitsubishi Electric · MELSEC Q Series Q24DHCCPU-V(G) <=with_the_first_5_digits_of_serial_number_25061
Mitsubishi Electric · MELSEC Q Series Q24DHCCPU-LS <=with_the_first_5_digits_of_serial_number_25061
Mitsubishi Electric · MELSEC Q Series Q26DHCCPU-LS <=with_the_first_5_digits_of_serial_number_25061
Mitsubishi Electric · MELSEC L Series L02CPU(-P) <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC L Series L06CPU(-P) <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC L Series L26CPU(-P) <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELSEC L Series L26CPU-(P)BT <=with_the_first_5_digits_of_serial_number_24051
Mitsubishi Electric · MELIPC Series MI5122-VW CPU Firmware <=05

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more