Denial-of-Service Vulnerability in Mitsubishi Electric MELSEC iQ-R and Q Series Products
CVE-2021-20610
7.5HIGH
Key Information:
- Status
- Vendor
- CVE Published:
- 1 December 2021
What is CVE-2021-20610?
The vulnerability in Mitsubishi Electric's MELSEC iQ-R and Q Series products arises from improper handling of length parameters, allowing remote unauthenticated attackers to send specially crafted packets. This can result in a denial-of-service (DoS) condition, necessitating a system reset for recovery. Organizations using these systems should apply recommended security updates to mitigate the risks associated with this vulnerability.
Affected Version(s)
MELIPC Series MI5122-VW Firmware versions "05" and prior
MELSEC iQ-R Series R00CPU Firmware versions "24" and prior
MELSEC iQ-R Series R01CPU Firmware versions "24" and prior