Uncontrolled Resource Consumption in Mitsubishi Electric MELSEC iQ-R and Q Series
CVE-2021-20609

7.5HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melsec Iq-r Series R00cpu
Melsec Iq-r Series R01cpu
Melsec Iq-r Series R02cpu
Melsec Iq-r Series R04cpu
Vendor
CVE Published:
1 December 2021

What is CVE-2021-20609?

The vulnerability allows a remote unauthenticated attacker to exploit MELSEC iQ-R and Q Series devices by sending specially crafted packets. This can trigger a denial-of-service (DoS) condition, necessitating a system reset for recovery. Affected products include a wide range of CPUs, making this a significant concern for network stability and security.

Affected Version(s)

MELIPC Series MI5122-VW Firmware versions "05" and prior

MELSEC iQ-R Series R00CPU Firmware versions "24" and prior

MELSEC iQ-R Series R01CPU Firmware versions "24" and prior

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU94434051/index.html
government-resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
government-resource

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.