تحذيرات Mitsubishi Electric
1680تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
19 مايو, 2021
● عالي
2021-2937
الصناعة
الوصف:
أصدرت Mitsubishi Electric عدة تحذيرات بخصوص عددٍ من الثغرات في المنتجات التالية:
- QJ71MES96, all versions
- QJ71WS96, all versions
- Q06CCPU-V, all versions
- Q24DHCCPU-V, all versions
- Q24DHCCPU-VG, all versions
- R12CCPU-V, Version 13 and prior
- RD55UP06-V, Version 09 and prior
- RD55UP12-V, Version 01
- RJ71GN11-T2, Version 11 and prior
- RJ71EN71, all versions
- QJ71E71-100, all versions
- LJ71E71-100, all versions
- QJ71MT91, all versions
- RD78Gn(n=4,8,16,32,64), all versions
- RD78GHV, all versions
- RD78GHW, all versions
- NZ2GACP620-60, all versions
- NZ2GACP620-300, all versions
- NZ2FT-MT, all versions
- NZ2FT-EIP, all versions
- Q03UDECPU, the first 5 digits of serial number 22081 and prior
- QnUDEHCPU(n=04/06/10/13/20/26/50/100), the first 5 digits of serial number 22081 and prior
- QnUDVCPU(n=03/04/06/13/26), the first 5 digits of serial number 22031 and prior
- QnUDPVCPU(n=04/06/13/26), the first 5 digits of serial number 22031 and prior
- LnCPU(-P)(n=02/06/26), the first 5 digits of serial number 22051 and prior
- L26CPU-(P)BT, the first 5 digits of serial number 22051 and prior
- RnCPU(n=00/01/02), Version 18 and prior
- RnCPU(n=04/08/16/32/120), Version 50 and prior
- RnENCPU(n=04/08/16/32/120), Version 50 and prior
- RnSFCPU (n=08/16/32/120), Version 22 and prior
- RnPCPU(n=08/16/32/120), Version 24 and prior
- RnPSFCPU(n=08/16/32/120), Version 05 and prior
- FX5U(C)-**M*/**
- Case1: Serial number 17X**** or later: Version 1.210 and prior
- Case2: Serial number 179**** and prior: Version 1.070 and prior
- FX5UC-32M*/**-TS, Version 1.210 and prior
- FX5UJ-**M*/**, Version 1.000
- FX5-ENET, Version 1.002 and prior
- FX5-ENET/IP, Version 1.002 and prior
- FX3U-ENET-ADP, Version 1.22 and prior
- FX3GE-**M*/**, the first 3 digits of serial number 20X and prior
- FX3U-ENET, Version 1.14 and prior
- FX3U-ENET-L, Version 1.14 and prior
- FX3U-ENET-P502, Version 1.14 and prior
- FX5-CCLGN-MS, Version 1.000
- IU1-1M20-D, all versions
- LE7-40GU-L, all versions
- GOT2000 Series GT21 Model, all versions
- GS Series, all versions
- GOT1000 Series GT14 Model, all versions
- GT25-J71GN13-T2, all versions
- FR-A800-E Series, production date December 2020 and prior
- FR-F800-E Series, production date December 2020 and prior
- FR-A8NCG, Production date August 2020 and prior
- FR-E800-EPA Series, Production date July 2020 and prior
- FR-E800-EPB Series, Production date July 2020 and prior
- Conveyor Tracking Application APR-nTR3FH, APR-nTR6FH, APR-nTR12FH, APR-nTR20FH(n=1,2), all versions (Discontinued product)
- MR-JE-C, all versions
- MR-J4-TM, all versions
- RJ71EN71, Version 48 and prior
- QJ71E71-100, the first 5 digits of serial number 21092 and prior
- LJ71E71-100, the first 5 digits of serial number 21092 and prior
- QJ71MT91, the first 5 digits of serial number 20082 and prior
- NZ2GACP620-60, Version 1.03D and prior
- NZ2GACP620-300, Version 1.03D and prior
- GT25-J71GN13-T2, Version 03 and prior
- R00/01/02CPU, Firmware Versions 20 and earlier
- R04/08/16/32/120(EN)CPU, Firmware Versions 52 and earlier
- R08/16/32/120SFCPU, Firmware Versions 22 and earlier
- R08/16/32/120PCPU, Firmware Versions 25 and earlier
- R08/16/32/120PSFCPU, Firmware Versions 06 and earlier
- R16/32/64MTCPU, Firmware Versions 21 and earlier
- The following versions of MELSEC iQ-R Series are affected:
- R 00/01/02 CPU, firmware Versions 20 and earlier
- R 04/08/16/32/120 (EN) CPU, firmware Versions 52 and earlier
- R 08/16/32/120 SFCPU, firmware Versions 22 and earlier
- R 08/16/32/120 PCPU, all versions
- R 08/16/32/120 PSFCPU, all versions
- R 08/16/32/120 PCPU, firmware Versions 25 and earlier
- R 16/32/64 MTCPU, all versions
- The following versions of MELSEC Q Series are affected:
- Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU, serial number 22081 and earlier
- Q 03/04/06/13/26 UDVCPU, serial number 22031 and earlier
- Q 04/06/13/26 UDPVCPU, serial number 22031 and earlier
- Q 172/173 DCPU-S1, all versions
- Q 172/173 DSCPU, all versions
- Q 170 MCPU, all versions
- Q 170 MSCPU (-S1), all versions
- MR-MQ100, all versions
- The following versions of MELSEC L Series are affected:
- L 02/06/26 CPU (-P), L 26 CPU - (P) BT, all versions
- Mitsubishi Electric reports the vulnerability affects the following MELSEC iQ-R series CPU module products:
- R00/01/02CPU firmware Versions 19 and earlier
- R04/08/16/32/120(EN)CPU firmware Versions 51 and earlier
- R08/16/32/120SFCPU firmware Versions 22 and earlier
- R08/16/32/120PCPU firmware Versions 25 and earlier
- R08/16/32/120PSFCPU firmware Versions 06 and earlier
- RJ71EN71 firmware Versions 47 and earlier
- RJ71GF11-T2 firmware Versions 47 and earlier
- RJ72GF15-T2 firmware Versions 07 and earlier
- RJ71GP21-SX firmware Versions 47 and earlier
- RJ71GP21S-SX firmware Versions 47 and earlier
- RJ71C24(-R2/R4) all versions
- RJ71GN11-T2 all versions
- Mitsubishi Electric reports the vulnerability affects the following MELFA robot controllers:
- MELFA FR Series
- MELFA CR Series
- MELFA ASSISTA
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة حجب الخدمة (DoS attack)
- تنفيذ أوامر خبيثة عن بعد
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت Mitsubishi Electric توضيحًا لهذه التحذيرات: