Mitsubishi Electric MELSEC-Q Series CPU Module

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to cause a denial of service (DoS).

CVEs (1)

Remediations

• Mitsubishi Electric has released the fixed version as shown below, but updating the product to the fixed version is currently unavailable. Consider migrating to the successor model, MELSEC iQ-R Series.
• MELSEC-QSeries Q03UDVCPU: The first 5 digits of serial No. '27082' or later.
• MELSEC-QSeries Q04UDVCPU: The first 5 digits of serial No. '27082' or later.
• MELSEC-QSeries Q06UDVCPU: The first 5 digits of serial No. '27082' or later.
• MELSEC-QSeries Q13UDVCPU: The first 5 digits of serial No. '27082' or later.
• MELSEC-QSeries Q26UDVCPU: The first 5 digits of serial No. '27082' or later.
• MELSEC-QSeries Q04UDPVCPU: The first 5 digits of serial No. '27082' or later.
• MELSEC-QSeries Q06UDPVCPU: The first 5 digits of serial No. '27082' or later.
• MELSEC-QSeries Q13UDPVCPU: The first 5 digits of serial No. '27082' or later.
• MELSEC-QSeries Q26UDPVCPU: The first 5 digits of serial No. '27082' or later.
• Mitsubishi Electric recommends users employ the following mitigation measures to minimize the risk of vulnerability exploit.
• Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
• Use within a LAN and block access from untrusted networks and hosts through firewalls.
• Restrict physical access to the affected products, as well as to computers and network devices that can be connected to those products.
• See Mitsubishi Electric's security bulletin for more information.

Affected Vendors

Affected Products (9)

Affected Sectors

Critical Manufacturing