high
7.8
CWE
400
Advisory Published
Updated

CVE-2021-20609

First published: Wed Dec 01 2021(Updated: )

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "28" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions "16" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Affected SoftwareAffected VersionHow to fix
Mitsubishi Melsec Iq-r R00 Cpu Firmware<=24
Mitsubishi Melsec Iq-r R00 Cpu Firmware
Mitsubishi Melsec Iq-r R01 Cpu Firmware<=24
Mitsubishi Melsec Iq-r R01 Cpu Firmware
Mitsubishi Melsec Iq-r R02 Cpu Firmware<=24
Mitsubishi Melsec Iq-r R02 Cpu
Mitsubishi Melsec Iq-r R04 Pcpu Firmware<=57
Mitsubishi Melsec Iq-r R04 Cpu Firmware
Mitsubishi Melsec Iq-r R08 Cpu Firmware<=57
Mitsubishi Melsec Iq-r R08 Cpu Firmware
Mitsubishi Melsec Iq-r R120 Cpu<=57
Mitsubishi Melsec Iq-r R120 Cpu Firmware
Mitsubishi Melsec Iq-r R16 Cpu Firmware<=57
Mitsubishi Melsec Iq-r R16 Cpu
Mitsubishi Melsec Iq-r R32 CPU<=57
Mitsubishi Melsec Iq-r R32 Cpu Firmware
Mitsubishi Melsec Iq-r R04 Pcpu Firmware<=29
Mitsubishi Melsec Iq-r R04 Pcpu Firmware
Mitsubishi Melsec Iq-r R08 Cpu Firmware<=29
Mitsubishi Melsec Iq-r R08 Pcpu Firmware
Mitsubishi Melsec Iq-r R16 Pcpu Firmware<=29
Mitsubishi Melsec Iq-r R16 Cpu
Mitsubishi Melsec Iq-r R32 Pcpu Firmware<=29
Mitsubishi Melsec Iq-r R32 CPU
Mitsubishi Melsec Iq-r R120 Pcpu Firmware<=29
Mitsubishi Melsec Iq-r R120 Cpu
Mitsubishi Melsec Iq-r R08 Cpu Firmware
Mitsubishi Melsec Iq-r R08 Sfcpu Firmware
Mitsubishi Melsec Iq-r R16 Sfcpu
Mitsubishi Melsec Iq-r R16 Sfcpu Firmware
Mitsubishi Melsec Iq-r R32 Sfcpu
Mitsubishi Melsec Iq-r R32 Sfcpu Firmware
Mitsubishi Melsec Iq-r R120 Sfcpu
Mitsubishi Melsec Iq-r R120 Cpu
Mitsubishi Melsec Iq-r R16 Mtcpu Firmware
Mitsubishi Melsec Iq-r R16 Mtcpu Firmware
Mitsubishi Melsec Iq-r R32 Mtcpu Firmware
Mitsubishi Melsec Iq-r R32 Mtcpu Firmware
Mitsubishi Melsec Iq-r R64 Mtcpu Firmware
Mitsubishi Melsec Iq-r R64 Mtcpu Firmware
Mitsubishi Melsec Iq-r R12 Ccpu-v
Mitsubishi Melsec Iq-r R12 Ccpu-v Firmware
Mitsubishi Electric Melsec Q-Q03UDECPU Firmware
Mitsubishi Electric Melsec Q03UDECPU
Mitsubishi Melsec Q04udecpu
Mitsubishi Melsec Q04udecpu Firmware
Mitsubishi Melsec Q06udecpu
Mitsubishi Melsec Q06udecpu Firmware
Mitsubishi Melsec Q10udecpu
Mitsubishi Melsec Q10udecpu Firmware
Mitsubishi Melsec Q13udecpu
Mitsubishi Melsec Q13udecpu Firmware
Mitsubishi Melsec Q20udecpu
Mitsubishi Melsec Q20udecpu Firmware
Mitsubishi Melsec Q26UDCECPU
Mitsubishi Melsec Q26UDCECPU
Mitsubishi Melsec Q50udecpu
Mitsubishi Melsec Q50udecpu Firmware
Mitsubishi Melsec Q100udecpu
Mitsubishi Melsec Q100udecpu Firmware
Mitsubishi Electric Melsec Q-Q03UDVCPU Firmware
Mitsubishi Electric MELSEC Q-Q03UDVCPU
Mitsubishi Melsec Q04UDVCPU
Mitsubishi Electric Q04UDVCPU
Mitsubishi Melsec Q06udvcpu
Mitsubishi Melsec Q06udvcpu Firmware
Mitsubishi Electric Q13U-DVCpu Firmware
Mitsubishi Melsec Q13udvcpu Firmware
Mitsubishi Melsec Q26udvcpu
Mitsubishi Melsec Q26udvcpu Firmware
Mitsubishielectric Melsec Q-q04udpvcpu Firmware
Mitsubishi Melsec Q04udpvcpu Firmware
Mitsubishi Electric Melsec Q-Q06UDPVCPU Firmware
Mitsubishi Electric Melsec Q-Q06UDPVCPU
Mitsubishi Melsec Q13udpvcpu
Mitsubishielectric Melsec Q-q13udpvcpu
Mitsubishi Electric Melsec Q-Q26UDPVCpu Firmware
Mitsubishi Electric Melsec Q-q26udpvcpu
Mitsubishielectric Q12dccpu-v Firmware
Mitsubishi Melsec Q12dccpu-v Firmware
Mitsubishi Melsec Q24dhccpu-v(g) Firmware
Mitsubishi Melsec Q24dhccpu-v(g)
Mitsubishi Melsec Q24DHCCPU-LS
Mitsubishi Melsec Q24DHCCPU-LS Firmware
Mitsubishielectric Q26dhccpu-ls Firmware
Mitsubishi Electric Q26DHCCPU-LS
Mitsubishi Melsec Mr-mq100
Mitsubishi Melsec Mr-mq100 Firmware
Mitsubishi Electric Melsec Q-Q172DCpu-S1 Firmware
Mitsubishi Electric Melsec Q-Q172DCPU-S1
Mitsubishi Melsec Q173dcpu-s1
Mitsubishi Electric Melsec Q-Q173DCPU-S1 Firmware
Mitsubishi Electric Melsec Q-Q172DSCPU Firmware
Mitsubishi Electric Melsec Q-Q172DScpu
Mitsubishi Electric Melsec Q-Q173DScpu Firmware
Mitsubishi Electric Melsec Q-Q173DCPU
Mitsubishi Melsec Q170mscpu(-s1) Firmware
Mitsubishi Melsec Q170mscpu(-s1)
Mitsubishielectric Melsec Q-q170mcpu Firmware
Mitsubishielectric Melsec Q-q170mcpu
Mitsubishi Electric Mi5122-vw Firmware
Mitsubishi Melipc Mi5122-vw Firmware
Mitsubishi Melsec L26cpu-pbt Firmware
Mitsubishi Melsec L26CPU-(P)BT
Mitsubishi Melsec L26cpu(-p) Firmware
Mitsubishi Melsec L26cpu(-p)
Mitsubishi Melsec L06cpu(-p) Firmware
Mitsubishi Melsec L06cpu(-p)
Mitsubishi Melsec L02cpu(-p) Firmware
Mitsubishi Melsec L02cpu(-p)
Mitsubishi Melsec Iq-r R08 Cpu Firmware
Mitsubishi Melsec Iq-r R08 Cpu Firmware
Mitsubishi Melsec Iq-r R16 Cpu Firmware
Mitsubishi Melsec Iq-r R32 CPU
Mitsubishi Melsec Iq-r R120 Cpu

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-20609?

    CVE-2021-20609 is classified as an Uncontrolled Resource Consumption vulnerability.

  • How do I fix CVE-2021-20609?

    To remediate CVE-2021-20609, upgrade to the latest firmware versions provided by Mitsubishi Electric.

  • Which firmware versions are affected by CVE-2021-20609?

    Firmware versions "24" and prior for the R00/01/02 CPUs, and versions "57" and prior for the R04/08/16/32/120 CPUs are affected.

  • What systems are impacted by CVE-2021-20609?

    CVE-2021-20609 affects various Mitsubishi Electric MELSEC iQ-R Series CPUs and firmware.

  • Can CVE-2021-20609 lead to denial of service?

    Yes, due to uncontrolled resource consumption, CVE-2021-20609 can potentially lead to denial of service.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203