Mitsubishi Electric MELSEC iQ-R Series (Update D)

Plan Patch | CVSS 8.6 | ICS-CERT ICSA-20-282-02 | Nov 19, 2020
Mitsubishi Electric | Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial-of-service vulnerability in Mitsubishi Electric iQ-R series PLCs allows an attacker to send a crafted network request that causes resource exhaustion on the device, rendering it unresponsive to legitimate commands and queries. The vulnerability affects multiple iQ-R PLC models including R00CPU, R01CPU, R04CPU through R120CPU, as well as EN, F, P, and MT variant CPUs across all versions listed. No public exploitation has been reported, but the vulnerability requires only network access and no authentication. Mitsubishi Electric recommends updating to patched firmware versions specific to each CPU model and implementing firewall controls to restrict network access from untrusted sources.

What this means
What could happen
An attacker can cause the iQ-R PLC to stop responding to network requests, halting your ability to monitor or control industrial processes until the device is rebooted or power-cycled.
Who's at risk
Energy sector operators using Mitsubishi Electric iQ-R series programmable logic controllers (PLCs), including compact, mid-range, and multi-task CPU models. This affects any plant or facility where iQ-R PLCs manage generation, transmission, distribution, or water treatment processes.
How it could be exploited
An attacker with network access to an iQ-R PLC on ports used by Mitsubishi's protocol can send a specially crafted request that exhausts the device's resources, triggering a denial-of-service condition and making the PLC unresponsive.
Prerequisites
  • Network access to the iQ-R PLC from an untrusted network segment
  • No authentication required to send the malicious request
Tags: remotely exploitable, no authentication required, low complexity, no patch available for end-of-life models, affects industrial control systems
Exploitability
Unlikely to be exploited — EPSS score 0.5%
Affected products (23)
23 with fix
Product | Affected Versions | Fix Status
iQ-R series R00CPU: <=20 | ≤ 20 | 21+
iQ-R series R04CPU: <=52 | ≤ 52 | 53+
iQ-R series R08CPU: <=52 | ≤ 52 | 53+
iQ-R series R16CPU: <=52 | ≤ 52 | 53+
iQ-R series R32CPU: <=52 | ≤ 52 | 53+
Remediation & Mitigation
Do now
WORKAROUND: Configure firewall rules to block network access to iQ-R PLCs from untrusted networks and hosts; allow only known engineering workstations and SCADA servers
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update iQ-R series R00CPU and R01CPU firmware to version 21 or later
HOTFIX: Update iQ-R series R04CPU, R08CPU, R16CPU, R32CPU, and R120CPU firmware to version 53 or later
HOTFIX: Update iQ-R series R04ENCPU, R08ENCPU, R16ENCPU, R32ENCPU, and R120ENCPU firmware to version 53 or later
HOTFIX: Update iQ-R series R08FCPU, R16FCPU, R32FCPU, and R120FCPU firmware to version 23 or later
HOTFIX: Update iQ-R series R08PCPU, R16PCPU, R32PCPU, and R120PCPU firmware to version 26 or later
HOTFIX: Update iQ-R series R16MTCPU, R32MTCPU, and R64MTCPU operating system software to version 22 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate iQ-R PLCs on a separate LAN segment with restricted access from corporate networks
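
The following added example, which is not part of the advisory or any Mitsubishi Electric tool, checks an asset inventory against the fixed-version thresholds in the Schedule list above so that patch planning can start from a per-device status. It assumes the inventory is a CSV with name, model and version columns and that the version is reported as a whole number; the function name, status strings and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Minimum fixed version per model, transcribed from the remediation list above.
FIXED = {}
for models, fixed in [
    ("R00CPU R01CPU", 21),
    ("R04CPU R08CPU R16CPU R32CPU R120CPU", 53),
    ("R04ENCPU R08ENCPU R16ENCPU R32ENCPU R120ENCPU", 53),
    ("R08FCPU R16FCPU R32FCPU R120FCPU", 23),
    ("R08PCPU R16PCPU R32PCPU R120PCPU", 26),
    ("R16MTCPU R32MTCPU R64MTCPU", 22),
]:
    FIXED.update(dict.fromkeys(models.split(), fixed))

def triage(inventory_csv):
    """Return {asset name: status} for each row of a name,model,version CSV."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Inventories spell models inconsistently: drop separators, fold case.
        model = re.sub(r"[\s\-_]", "", row["model"]).upper()
        fixed = FIXED.get(model)
        digits = re.fullmatch(r"\s*(\d+)\s*", row["version"] or "")
        if fixed is None:
            status = "not-listed"        # model is not in this advisory's fix list
        elif digits is None:
            status = "verify-manually"   # version missing or not a whole number
        elif int(digits.group(1)) < fixed:
            status = f"update-to-{fixed}+"
        else:
            status = "fixed"
        results[row["name"]] = status
    return results

# Constructed sample inventory (asset names and versions are made up).
SAMPLE = """name,model,version
plc-turbine-1,R08CPU,52
plc-turbine-2,r08encpu,53
plc-pump-3,R16-MTCPU,21
plc-intake-4,R32PCPU,
plc-legacy-5,Q03UDECPU,10
"""

if __name__ == "__main__":
    for asset, status in triage(SAMPLE).items():
        print(f"{asset}: {status}")
```

Devices reported as verify-manually or update-to-N+ are the ones to keep behind the firewall allowlist from the workaround until the maintenance window.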