Mitsubishi Electric has released security updates to address multiple vulnerabilities in the following products:

• MELSEC iQ-R Series R00/01/02CPU, Firmware:
  • Versions 24 and prior
• MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware:
  • Versions 57 and prior
• MELSEC iQ-R Series R08/16/32/120SFCPU:
  • All versions
• MELSEC iQ-R Series R08/16/32/120PCPU Firmware:
  • Versions 29 and prior
• MELSEC iQ-R Series R08/16/32/120PSFCPU:
  • All versions
• MELSEC iQ-R Series R16/32/64MTCPU:
  • All versions
• MELSEC iQ-R Series R12CCPU-V:
  • All versions
• MELSEC Q Series Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU:  
  • The first 5 digits of serial No. 23121 and prior
• MELSEC Q Series Q03/04/06/13/26UDVCPU:
  • The first 5 digits of serial No. 23071 and prior
• MELSEC Q Series Q04/06/13/26UDPVCPU:
  • The first 5 digits of serial No. 23071 and prior
• MELSEC Q Series Q12DCCPU-V, Q24DHCCPU-V(G), Q24/26DHCCPU-LS:
  • The first 5 digits of serial No. 24031 and prior
• MELSEC Q Series MR-MQ100:
  • Operating system software version F and prior
• MELSEC Q Series Q172/173DCPU-S1:
  • Operating system software version W and prior 
• MELSEC Q Series Q172/173DSCPU:
  • All versions
• MELSEC Q Series Q170MCPU:
  • Operating system software version W and prior 
• MELSEC Q Series Q170MSCPU(-S1):
  • All versions
• MELSEC L Series L02/06/26CPU(-P), L26CPU-(P)BT:  
  • The first 5 digits of serial No. 23121 and prior
• MELIPC Series MI5122-VW:
  • All versions

An attacker could exploit these vulnerabilities by the following:

• Uncontrolled Resource Consumption
• Improper Input Validation

The CERT team encourages users to apply the necessary updates by using the following link:

• https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf