← back
CVE-2021-20610

CVE-2021-20610

CVSS 7.5 HIGHEPSS 3.1%CWE-130
In short

A flaw in Mitsubishi Electric programmable logic controllers (PLCs) allows an attacker to send malicious packets that crash the system, requiring a manual restart. This affects industrial control equipment used in factories and infrastructure.

Technical detail

The vulnerability stems from improper validation of length parameters in network packet handling across multiple MELSEC and MELIPC PLC models. An unauthenticated remote attacker can exploit this via specially crafted packets to trigger a denial-of-service condition; recovery requires system reset.

Summary generated and translated by AI from the official description.
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Mitsubishi Electric Corporation · MELIPC Series MI5122-VWMitsubishi Electric Corporation · MELSEC iQ-R Series R00CPUMitsubishi Electric Corporation · MELSEC iQ-R Series R01CPUMitsubishi Electric Corporation · MELSEC iQ-R Series R02CPUMitsubishi Electric Corporation · MELSEC iQ-R Series R04CPUMitsubishi Electric Corporation · MELSEC iQ-R Series R04ENCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R08CPUMitsubishi Electric Corporation · MELSEC iQ-R Series R08ENCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R08PCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R08PSFCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R08SFCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R120CPUMitsubishi Electric Corporation · MELSEC iQ-R Series R120ENCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R120PCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R120PSFCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R120SFCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R12CCPU-VMitsubishi Electric Corporation · MELSEC iQ-R Series R16CPUMitsubishi Electric Corporation · MELSEC iQ-R Series R16ENCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R16MTCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R16PCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R16PSFCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R16SFCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R32CPUMitsubishi Electric Corporation · MELSEC iQ-R Series R32ENCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R32MTCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R32PCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R32PSFCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R32SFCPUMitsubishi Electric Corporation · MELSEC iQ-R Series R64MTCPUMitsubishi Electric Corporation · MELSEC L Series L02CPUMitsubishi Electric Corporation · MELSEC L Series L02CPU-PMitsubishi Electric Corporation · MELSEC L Series L06CPUMitsubishi Electric Corporation · MELSEC L Series L06CPU-PMitsubishi Electric Corporation · MELSEC L Series L26CPUMitsubishi Electric Corporation · MELSEC L Series L26CPU-BTMitsubishi Electric Corporation · MELSEC L Series L26CPU-PMitsubishi Electric Corporation · MELSEC L Series L26CPU-PBTMitsubishi Electric Corporation · MELSEC Q Series MR-MQ100Mitsubishi Electric Corporation · MELSEC Q Series Q03UDECPUMitsubishi Electric Corporation · MELSEC Q Series Q03UDVCPUMitsubishi Electric Corporation · MELSEC Q Series Q04UDEHCPUMitsubishi Electric Corporation · MELSEC Q Series Q04UDPVCPUMitsubishi Electric Corporation · MELSEC Q Series Q04UDVCPUMitsubishi Electric Corporation · MELSEC Q Series Q06UDEHCPUMitsubishi Electric Corporation · MELSEC Q Series Q06UDPVCPUMitsubishi Electric Corporation · MELSEC Q Series Q06UDVCPUMitsubishi Electric Corporation · MELSEC Q Series Q100UDEHCPUMitsubishi Electric Corporation · MELSEC Q Series Q10UDEHCPUMitsubishi Electric Corporation · MELSEC Q Series Q12DCCPU-VMitsubishi Electric Corporation · MELSEC Q Series Q13UDEHCPUMitsubishi Electric Corporation · MELSEC Q Series Q13UDPVCPUMitsubishi Electric Corporation · MELSEC Q Series Q13UDVCPUMitsubishi Electric Corporation · MELSEC Q Series Q170MCPUMitsubishi Electric Corporation · MELSEC Q Series Q170MSCPUMitsubishi Electric Corporation · MELSEC Q Series Q170MSCPU-S1Mitsubishi Electric Corporation · MELSEC Q Series Q172DCPU-S1Mitsubishi Electric Corporation · MELSEC Q Series Q172DSCPUMitsubishi Electric Corporation · MELSEC Q Series Q173DCPU-S1Mitsubishi Electric Corporation · MELSEC Q Series Q173DSCPUMitsubishi Electric Corporation · MELSEC Q Series Q20UDEHCPUMitsubishi Electric Corporation · MELSEC Q Series Q24DHCCPU-LSMitsubishi Electric Corporation · MELSEC Q Series Q24DHCCPU-VMitsubishi Electric Corporation · MELSEC Q Series Q24DHCCPU-VGMitsubishi Electric Corporation · MELSEC Q Series Q26DHCCPU-LSMitsubishi Electric Corporation · MELSEC Q Series Q26UDEHCPUMitsubishi Electric Corporation · MELSEC Q Series Q26UDPVCPUMitsubishi Electric Corporation · MELSEC Q Series Q26UDVCPUMitsubishi Electric Corporation · MELSEC Q Series Q50UDEHCPU

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/vu/JVNVU94434051/index.htmlhttps://us-cert.cisa.gov/ics/advisories/icsa-21-334-02https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf