الوصف:

أصدرت Mitsubishi Electric عدة تحذيرات بخصوص عددٍ من الثغرات في المنتجات التالية:

• QJ71MES96, all versions
• QJ71WS96, all versions
• Q06CCPU-V, all versions
• Q24DHCCPU-V, all versions
• Q24DHCCPU-VG, all versions
• R12CCPU-V, Version 13 and prior
• RD55UP06-V, Version 09 and prior
• RD55UP12-V, Version 01
• RJ71GN11-T2, Version 11 and prior
• RJ71EN71, all versions
• QJ71E71-100, all versions
• LJ71E71-100, all versions
• QJ71MT91, all versions
• RD78Gn(n=4,8,16,32,64), all versions
• RD78GHV, all versions
• RD78GHW, all versions
• NZ2GACP620-60, all versions
• NZ2GACP620-300, all versions
• NZ2FT-MT, all versions
• NZ2FT-EIP, all versions
• Q03UDECPU, the first 5 digits of serial number 22081 and prior
• QnUDEHCPU(n=04/06/10/13/20/26/50/100), the first 5 digits of serial number 22081 and prior
• QnUDVCPU(n=03/04/06/13/26), the first 5 digits of serial number 22031 and prior
• QnUDPVCPU(n=04/06/13/26), the first 5 digits of serial number 22031 and prior
• LnCPU(-P)(n=02/06/26), the first 5 digits of serial number 22051 and prior
• L26CPU-(P)BT, the first 5 digits of serial number 22051 and prior
• RnCPU(n=00/01/02), Version 18 and prior
• RnCPU(n=04/08/16/32/120), Version 50 and prior
• RnENCPU(n=04/08/16/32/120), Version 50 and prior
• RnSFCPU (n=08/16/32/120), Version 22 and prior
• RnPCPU(n=08/16/32/120), Version 24 and prior
• RnPSFCPU(n=08/16/32/120), Version 05 and prior
• FX5U(C)-**M*/**
• Case1: Serial number 17X**** or later: Version 1.210 and prior
• Case2: Serial number 179**** and prior: Version 1.070 and prior
• FX5UC-32M*/**-TS, Version 1.210 and prior
• FX5UJ-**M*/**, Version 1.000
• FX5-ENET, Version 1.002 and prior
• FX5-ENET/IP, Version 1.002 and prior
• FX3U-ENET-ADP, Version 1.22 and prior
• FX3GE-**M*/**, the first 3 digits of serial number 20X and prior
• FX3U-ENET, Version 1.14 and prior
• FX3U-ENET-L, Version 1.14 and prior
• FX3U-ENET-P502, Version 1.14 and prior
• FX5-CCLGN-MS, Version 1.000
• IU1-1M20-D, all versions
• LE7-40GU-L, all versions
• GOT2000 Series GT21 Model, all versions
• GS Series, all versions
• GOT1000 Series GT14 Model, all versions
• GT25-J71GN13-T2, all versions
• FR-A800-E Series, production date December 2020 and prior
• FR-F800-E Series, production date December 2020 and prior
• FR-A8NCG, Production date August 2020 and prior
• FR-E800-EPA Series, Production date July 2020 and prior
• FR-E800-EPB Series, Production date July 2020 and prior
• Conveyor Tracking Application APR-nTR3FH, APR-nTR6FH, APR-nTR12FH, APR-nTR20FH(n=1,2), all versions (Discontinued product)
• MR-JE-C, all versions
• MR-J4-TM, all versions
• RJ71EN71, Version 48 and prior
• QJ71E71-100, the first 5 digits of serial number 21092 and prior
• LJ71E71-100, the first 5 digits of serial number 21092 and prior
• QJ71MT91, the first 5 digits of serial number 20082 and prior
• NZ2GACP620-60, Version 1.03D and prior
• NZ2GACP620-300, Version 1.03D and prior
• GT25-J71GN13-T2, Version 03 and prior
• R00/01/02CPU, Firmware Versions 20 and earlier
• R04/08/16/32/120(EN)CPU, Firmware Versions 52 and earlier
• R08/16/32/120SFCPU, Firmware Versions 22 and earlier
• R08/16/32/120PCPU, Firmware Versions 25 and earlier
• R08/16/32/120PSFCPU, Firmware Versions 06 and earlier
• R16/32/64MTCPU, Firmware Versions 21 and earlier
• The following versions of MELSEC iQ-R Series are affected:
  • R 00/01/02 CPU, firmware Versions 20 and earlier
  • R 04/08/16/32/120 (EN) CPU, firmware Versions 52 and earlier
  • R 08/16/32/120 SFCPU, firmware Versions 22 and earlier
  • R 08/16/32/120 PCPU, all versions
  • R 08/16/32/120 PSFCPU, all versions
  • R 08/16/32/120 PCPU, firmware Versions 25 and earlier
  • R 16/32/64 MTCPU, all versions
• The following versions of MELSEC Q Series are affected:
  • Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU, serial number 22081 and earlier
  • Q 03/04/06/13/26 UDVCPU, serial number 22031 and earlier
  • Q 04/06/13/26 UDPVCPU, serial number 22031 and earlier
  • Q 172/173 DCPU-S1, all versions
  • Q 172/173 DSCPU, all versions
  • Q 170 MCPU, all versions
  • Q 170 MSCPU (-S1), all versions
  • MR-MQ100, all versions
• The following versions of MELSEC L Series are affected:
  • L 02/06/26 CPU (-P), L 26 CPU - (P) BT, all versions
• Mitsubishi Electric reports the vulnerability affects the following MELSEC iQ-R series CPU module products:
  • R00/01/02CPU firmware Versions 19 and earlier
  • R04/08/16/32/120(EN)CPU firmware Versions 51 and earlier
  • R08/16/32/120SFCPU firmware Versions 22 and earlier
  • R08/16/32/120PCPU firmware Versions 25 and earlier
  • R08/16/32/120PSFCPU firmware Versions 06 and earlier
  • RJ71EN71 firmware Versions 47 and earlier
  • RJ71GF11-T2 firmware Versions 47 and earlier
  • RJ72GF15-T2 firmware Versions 07 and earlier
  • RJ71GP21-SX firmware Versions 47 and earlier
  • RJ71GP21S-SX firmware Versions 47 and earlier
  • RJ71C24(-R2/R4) all versions
  • RJ71GN11-T2 all versions
• Mitsubishi Electric reports the vulnerability affects the following MELFA robot controllers:
  • MELFA FR Series
  • MELFA CR Series
  • MELFA ASSISTA

التهديدات:

يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:

• هجمة حجب الخدمة (DoS attack)
• تنفيذ أوامر خبيثة عن بعد

الإجراءات الوقائية:

يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت Mitsubishi Electric توضيحًا لهذه التحذيرات:

• https://www.mitsubishielectric.com/fa/#