Severity score: 7.8
CWE-671

CVE-2021-20612

First published: Fri Jan 14 2022

Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior, and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in the communication function of the product, or other unspecified effects, by sending specially crafted packets to an unnecessarily open TCP port. Control by the MELSEC-F series PLC is not affected by this vulnerability, but a system reset is required for recovery.

Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Fx3u-enet Firmware | <=1.14 | |
| Mitsubishielectric Fx3u-enet | | |
| Mitsubishielectric Fx3u-enet-l Firmware | <=1.14 | |
| Mitsubishielectric Fx3u-enet-l | | |
| Mitsubishielectric Fx3u-enet-p502 Firmware | <=1.14 | |
| Mitsubishielectric Fx3u-enet-p502 | | |
| Mitsubishi Electric FX3U-ENET Firmware | Version 1.14 and prior | |
| Mitsubishi Electric FX3U-ENET-L Firmware | Version 1.14 and prior | |
| Mitsubishi Electric FX3U-ENET-P502 Firmware | Version 1.14 and prior | |


Frequently Asked Questions

  • What is the severity of CVE-2021-20612?

    The severity of CVE-2021-20612 is high with a CVSS score of 7.5.

  • How does CVE-2021-20612 affect the MELSEC-F series FX3U-ENET?

    CVE-2021-20612 affects the MELSEC-F series FX3U-ENET with Firmware version 1.14 and prior, causing a denial-of-service (DoS) condition.

  • Is the MELSEC-F series FX3U-ENET-L vulnerable to CVE-2021-20612?

    No, the MELSEC-F series FX3U-ENET-L is not vulnerable to CVE-2021-20612.

  • How can I fix CVE-2021-20612 in the affected MELSEC-F series devices?

    To fix CVE-2021-20612 in the MELSEC-F series devices, update the firmware to version 1.15 or later as recommended by Mitsubishi Electric.

  • Where can I find more information about CVE-2021-20612?

    You can find more information about CVE-2021-20612 in the following references: [JVN JVNVU93268332](https://jvn.jp/vu/JVNVU93268332/index.html), [CISA ICS advisory ICSA-22-013-01](https://www.cisa.gov/uscert/ics/advisories/icsa-22-013-01), [Mitsubishi Electric PSIRT advisory 2021-023](https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-023_en.pdf).

© 2024 SecAlerts Pty Ltd.