← Back to home
ICSA-24-074-14  ·  Published 2024-06-13  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric MELSEC-Q/L Series (Update B)

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow a remote attacker to be able to read arbitrary information or execute malicious code on a target product by sending a specially crafted packet.

CVEs (5)

Remediations

  • Mitsubishi Electric released the fixed version of the product:
  • MELSEC-Q Series Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: firmware versions where the first 5 digits of serial No. "26062" or later
  • MELSEC-Q Series Q03/04/06/13/26UDVCPU: firmware versions where the first 5 digits of serial No. "26062" or later
  • MELSEC-Q Series Q04/06/13/26UDPVCPU: firmware versions where the first 5 digits of serial No. "26062" or later
  • MELSEC-L Series L02/06/26CPU(-P), L26CPU-(P)BT: firmware versions where the first 5 digits of serial No. "26042" or later
  • Mitsubishi Electric recommends that users consider replacing with MELSEC iQ-R Series.
  • Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting these vulnerabilities:
  • Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  • Use within a LAN and block access from untrusted networks and hosts through firewalls.
  • Restrict physical access to the affected product as well as to the personal computers and the network devices that can communicate with it.
  • Install antivirus software on your personal computer that can access the affected product.
  • For specific additional details, see Mitsubishi Electric advisory 2023-024.

Affected Vendors

Mitsubishi Electric

Affected Products (22)

Mitsubishi Electric · MELSEC-Q Series Q03UDECPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q04UDEHCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q06UDEHCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q10UDEHCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q13UDEHCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q20UDEHCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q26UDEHCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q50UDEHCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q100UDEHCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q03UDVCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q04UDVCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q06UDVCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q13UDVCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q26UDVCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q04UDPVCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q06UDPVCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q13UDPVCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-Q Series Q26UDPVCPU <=The_first_5_digits_of_serial_No._"26061"
Mitsubishi Electric · MELSEC-L Series L02CPU(-P) <=The_first_5_digits_of_serial_No._"26041"
Mitsubishi Electric · MELSEC-L Series L06CPU(-P) <=The_first_5_digits_of_serial_No._"26041"
Mitsubishi Electric · MELSEC-L Series L26CPU(-P) <=The_first_5_digits_of_serial_No._"26041"
Mitsubishi Electric · MELSEC-L Series L26CPU-(P)BT <=The_first_5_digits_of_serial_No._"26041"

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more