Mitsubishi Electric MELSEC iQ-R Series
Act Now · 9.1 · ICS-CERT ICSA-21-287-03 · Aug 6, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in the authentication mechanism of Mitsubishi Electric MELSEC iQ-R series Safety and SIL2 Process CPUs allows a remote attacker to obtain credentials and log in to the CPU module. The affected products include Safety CPU models R08/16/32/120SFCPU (firmware ≤26) and SIL2 Process CPU models R08/16/32/120PSFCPU (firmware ≤11). Exploitation could lead to unauthorized access to, and control of, safety-critical and process control logic. Mitsubishi Electric states that an update to fixed firmware versions is not available for the affected products, leaving only mitigation measures as interim protection.
What this means
What could happen
An attacker with network access could obtain credentials and log into your safety or process CPU, potentially enabling manipulation of process setpoints, safety logic, or triggering unplanned shutdowns of critical manufacturing or energy infrastructure.
Who's at risk
Energy sector operators and manufacturing facilities using Mitsubishi Electric MELSEC iQ-R series Safety CPUs (R08/16/32/120SFCPU) or SIL2 Process CPUs (R08/16/32/120PSFCPU) in critical automation and process control applications.
How it could be exploited
An attacker on the network sends authentication requests to the CPU module. The vulnerability in the authentication mechanism allows credential theft or bypass, granting the attacker login access to the CPU where they can execute commands or modify control logic.
Prerequisites
- Network connectivity to the CPU module port
- No valid user credentials required for initial exploitation
remotely exploitable · no authentication required · low complexity · affects safety systems · no patch available
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (8)
8 with fix · 8 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| MELSEC iQ-R series Safety CPU R08SFCPU Firmware: <=26 | ≤ 26 | 27 |
| MELSEC iQ-R series Safety CPU R16SFCPU Firmware: <=26 | ≤ 26 | 27 |
| MELSEC iQ-R series Safety CPU R32SFCPU Firmware: <=26 | ≤ 26 | 27 |
| MELSEC iQ-R series Safety CPU R120SFCPU Firmware: <=26 | ≤ 26 | 27 |
| MELSEC iQ-R series SIL2 Process CPU R16PSFCPU Firmware: <=11 | ≤ 11 | 12 |
| MELSEC iQ-R series SIL2 Process CPU R32PSFCPU Firmware: <=11 | ≤ 11 | 12 |
| MELSEC iQ-R series SIL2 Process CPU R120PSFCPU Firmware: <=11 | ≤ 11 | 12 |
| MELSEC iQ-R series SIL2 Process CPU R08PSFCPU Firmware: <=11 | ≤ 11 | 12 |
Remediation & Mitigation
Do now
- WORKAROUND: Block network access to the CPU module from untrusted networks and hosts using firewall rules
- WORKAROUND: Deploy a VPN if Internet access to the CPU module is required
- WORKAROUND: Configure IP filter function on the CPU module to restrict accessible IP addresses to authorized hosts only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update firmware to version 27 or later for Safety CPU models (R08/16/32/120SFCPU)
- HOTFIX: Update firmware to version 12 or later for SIL2 Process CPU models (R08/16/32/120PSFCPU)
Mitigations - no patch available
The following products have reached End of Life with no planned fix: MELSEC iQ-R series Safety CPU R08SFCPU Firmware: <=26, MELSEC iQ-R series Safety CPU R16SFCPU Firmware: <=26, MELSEC iQ-R series Safety CPU R32SFCPU Firmware: <=26, MELSEC iQ-R series Safety CPU R120SFCPU Firmware: <=26, MELSEC iQ-R series SIL2 Process CPU R16PSFCPU Firmware: <=11, MELSEC iQ-R series SIL2 Process CPU R32PSFCPU Firmware: <=11, MELSEC iQ-R series SIL2 Process CPU R120PSFCPU Firmware: <=11, MELSEC iQ-R series SIL2 Process CPU R08PSFCPU Firmware: <=11. Apply the following compensating controls:
- HARDENING: Isolate MELSEC iQ-R series CPUs on a dedicated control network separated from corporate IT and untrusted networks
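An added example, not part of the advisory or of any Mitsubishi Electric tooling: a Python triage of an asset inventory against the affected-versions table and the IP-restriction workarounds above. The CSV columns, host names, addresses and the control-network range are constructed assumptions.

```python
import csv
import io
import ipaddress
import re

# Family -> (last affected firmware, first fixed firmware), from the advisory's table.
AFFECTED = {"SFCPU": (26, 27), "PSFCPU": (11, 12)}
MODEL_RE = re.compile(r"^R(08|16|32|120)(PSFCPU|SFCPU)$")

# Assumed dedicated control network (hypothetical range).
CONTROL_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample inventory; allowed_sources is what the firewall / IP filter admits.
SAMPLE = """host,model,firmware,allowed_sources
safety-plc-1,R08SFCPU,26,10.20.0.5/32
safety-plc-2,R120SFCPU,27,10.20.0.0/24
proc-plc-1,R16PSFCPU,09,0.0.0.0/0
proc-plc-2,r32psfcpu,12,10.20.0.5/32;192.168.50.0/24
hmi-plc-1,R04CPU,40,10.20.0.0/24
"""

def triage(text, control_net=CONTROL_NET):
    """Return one finding per listed CPU that is on affected firmware
    or reachable from sources outside the control network."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        match = MODEL_RE.match(row["model"].strip().upper())
        if not match:
            continue  # model is not named in the advisory
        last_affected, fixed_in = AFFECTED[match.group(2)]
        affected = int(row["firmware"]) <= last_affected
        outside = [
            src.strip()
            for src in row["allowed_sources"].split(";")
            if src.strip()
            and not ipaddress.ip_network(src.strip()).subnet_of(control_net)
        ]
        if affected or outside:
            findings.append({"host": row["host"], "affected": affected,
                             "fixed_in": fixed_in, "outside": outside})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```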
CVEs (1)