ICSA-22-335-01  ·  Published 2022-12-01

Mitsubishi Electric MELSEC iQ-R Series

CVSS 8.6 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to cause a denial-of-service condition on a target product by sending specially crafted packets.

CVEs (1)

Remediations

  • Mitsubishi Electric has fixed the vulnerability in the following firmware versions:
      • RJ71EN71: Update firmware version to “66” or later.
      • R04/08/16/32/120ENCPU: Update network part firmware version to “66” or later.
  • For instructions on updating firmware, users should refer to “Firmware Update Function” in the MELSEC iQ-R Module Configuration Manual.
  • Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when internet access is required.
  • Use the product within a local area network (LAN).
  • Block access from untrusted networks and hosts through firewalls.
  • Use the IP filter function to restrict the accessible IP addresses. Note: to use the IP filter function, users should see “IP filter” under Security in the MELSEC iQ-R Ethernet User's Manual (Application).
  • Users can refer to the Mitsubishi Electric advisory for further details.

Affected Vendors

Mitsubishi Electric

Affected Products (2)

Mitsubishi Electric · MELSEC iQ-R RJ71EN71 <= 65
Mitsubishi Electric · MELSEC iQ-R R04/08/16/32/120ENCPU <= 65
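
An added example, not part of the advisory or any Mitsubishi Electric tooling: triaging an asset inventory against the two affected-product rows above and the fixed version “66”. The CSV column names, the sample rows, and the expansion of R04/08/16/32/120ENCPU into individual model names are assumptions made for illustration.

```python
import csv
import io
import re

FIXED_VERSION = 66  # advisory: update to "66" or later, so <= 65 is affected

# Assumption: "R04/08/16/32/120ENCPU" expands to these five model names.
AFFECTED_MODELS = {"RJ71EN71"} | {f"R{n}ENCPU" for n in ("04", "08", "16", "32", "120")}

# Constructed sample inventory; column names are hypothetical.
# network_fw = firmware version (RJ71EN71) or network part firmware version (ENCPU).
SAMPLE_INVENTORY = """asset,model,network_fw
line1-plc,R08ENCPU,65
line1-eth,RJ71EN71,"66"
line2-plc,r120encpu, 41
line2-eth,RJ71EN71,
line3-plc,R08CPU,12
"""

def classify(model, firmware):
    """Return 'not_listed', 'affected', 'fixed' or 'unknown' for one asset."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not_listed"
    # Accept a bare number or one wrapped in straight or curly quotes.
    match = re.fullmatch(r'\s*[“"]?(\d+)[”"]?\s*', firmware or "")
    if not match:
        return "unknown"  # missing or unparseable: verify on the module itself
    return "fixed" if int(match.group(1)) >= FIXED_VERSION else "affected"

def triage(inventory_csv):
    """Map asset name -> status for every row of the inventory."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["asset"]: classify(row["model"], row["network_fw"]) for row in reader}

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset:10} {status}")
```

Assets reported as `unknown` have no recorded version and should be checked on the module before being treated as patched.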

Affected Sectors

Critical Manufacturing
