First published: Fri Aug 06 2021
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to log in to the target without authorization by sniffing network traffic and obtaining credentials while user information is being registered in the target or a password is being changed.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Mitsubishielectric R08sfcpu Firmware | | |
Mitsubishielectric R08sfcpu | | |
Mitsubishielectric R16sfcpu Firmware | | |
Mitsubishielectric R16sfcpu | | |
Mitsubishielectric R32sfcpu Firmware | | |
Mitsubishielectric R32sfcpu | | |
Mitsubishielectric R120sfcpu Firmware | | |
Mitsubishielectric R120sfcpu | | |
Mitsubishielectric R08psfcpu Firmware | | |
Mitsubishielectric R08psfcpu | | |
Mitsubishielectric R16psfcpu Firmware | | |
Mitsubishielectric R16psfcpu | | |
Mitsubishielectric R32psfcpu Firmware | | |
Mitsubishielectric R32psfcpu | | |
Mitsubishielectric R120psfcpu Firmware | | |
Mitsubishielectric R120psfcpu | | |
The vulnerability ID is CVE-2021-20597.
The severity rating of CVE-2021-20597 is 9.1 (Critical).
The vulnerability affects Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior.
Mitsubishi Electric has released a firmware update to address the vulnerability.
You can find more information about CVE-2021-20597 in the following references: [JVN JVNVU98578731](https://jvn.jp/vu/JVNVU98578731/index.html), [CISA ICS advisory ICSA-21-250-01](https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01), [Mitsubishi Electric PSIRT advisory 2021-009](https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-009_en.pdf).