Mitsubishi Electric Updates
1959Warning Date
Severity Level
Warning Number
Target Sector
17 January, 2021
● High
2021-2332
Manufacturing
Description:
Mitsubishi Electric has released a security updates to address multiple vulnerabilities in the following products:
- CPU Module Logging Configuration Tool
- FR Configurator2, Versions 1.22Y and prior
- GX Works2, Versions 1.595V and prior
- GX Works3, Versions 1.063R and prior
- MELSEC iQ-R Series Motion Module, all versions
- MELSOFT iQ AppPortal, Version 1.17T and prior
- MELSOFT Navigator, 2.70Y and prior
- MI Configurator, all versions
- MR Configurator2, Version 1.110Q and prior
- MT Works2, Versions 1.156N and prior
- MX Component, Version 4.20W and prior
- RT ToolBox3, Versions 1.70Y and prior
- C Controller Interface Module Utility, all versions
- C Controller Module Setting and Monitoring Tool, all versions
- CC-Link IE Control Network Data Collector, all versions
- CC-Link IE Field Network Data Collector, all versions
- CPU Module Logging Configuration Tool, Versions 1.100E and prior
- CW Configurator, Versions 1.010L and prior
- Data Transfer, Versions 3.42U and prior
- EZSocket, all versions
- FR Configurator SW3, all versions
- FR Configurator2, all versions
- GT Designer2 Classic, all versions
- GT Designer3 Version1 (GOT1000), Versions 1.241B and prior
- GT Designer3 Version1 (GOT2000), Versions 1.241B and prior
- GT SoftGOT1000 Version3, Versions 3.200J and prior
- GT SoftGOT2000 Version1, Versions 1.241B and prior
- GX Developer, Versions 8.504A and prior
- GX LogViewer, Versions 1.100E and prior
- GX Works2, all versions
- GX Works3, Versions 1.063R and prior
- M_CommDTM-IO-Link, all versions
- MELFA-Works, all versions
- MELSEC WinCPU Setting Utility, all versions
- MELSOFT Complete Clean Up Tool, all versions
- MELSOFT EM Software Development Kit, all versions
- MELSOFT iQ AppPortal, 1.17T and prior
- MELSOFT Navigator, all versions
- MI Configurator, all versions
- Motion Control Setting, Versions 1.005F and prior
- Motorizer, Versions 1.005F and prior
- MR Configurator2, all versions
- MT Works2, all versions
- MTConnect Data Collector, all versions
- MX Component, Version 4.20W and prior
- MX MESInterface, Versions 1.21X and prior
- MX MESInterface-R, Versions 1.12N and prior
- MX Sheet, Version 2.15R and prior
- Network Interface Board CC IE Control Utility, all versions
- Network Interface Board CC IE Field Utility, all versions
- Network Interface Board CC-Link Ver.2 Utility, all versions
- Network Interface Board MNETH Utility, all versions
- Position Board utility 2, all versions
- PX Developer, all versions
- RT ToolBox2, all versions
- RT ToolBox3, all versions
- Setting/monitoring tools for the C Controller module, all versions
- SLMP Data Collector, all versions
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service (DoS)
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to apply the necessary updates by following the below links: