Security Warnings

Your review has been sent successfully
Classification
These posts contain security warnings, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Mitsubishi Electric Updates

66

Warning Date: 12 September, 2021

Severity Level ● Critical

Warning Number: 2021-3501

Target Sector: All

Description:

Mitsubishi Electric has released security updates to address multiple vulnerabilities in the following products:

  • smartRTU and INEA ME-RTU: All firmware versions prior to Version 3.3
  • QJ71MES96, all versions
  • QJ71WS96, all versions
  • Q06CCPU-V, all versions
  • Q24DHCCPU-V, all versions
  • Q24DHCCPU-VG, all versions
  • R12CCPU-V, Version 13 and prior
  • RD55UP06-V, Version 09 and prior
  • RD55UP12-V, Version 01
  • RJ71GN11-T2, Version 11 and prior
  • RD78Gn(n=4,8,16,32,64), Version 14 and prior
  • RD78GHV, Version 14 and prior
  • RD78GHW, Version 14 and prior
  • NZ2FT-MT, all versions
  • NZ2FT-EIP, all versions
  • Q03UDECPU, the first 5 digits of serial number 22081 and prior
  • QnUDEHCPU(n=04/06/10/13/20/26/50/100), the first 5 digits of serial number 22081 and prior
  • QnUDVCPU(n=03/04/06/13/26), the first 5 digits of serial number 22031 and prior
  • QnUDPVCPU(n=04/06/13/26), the first 5 digits of serial number 22031 and prior
  • LnCPU(-P)(n=02/06/26), the first 5 digits of serial number 22051 and prior
  • L26CPU-(P)BT, the first 5 digits of serial number 22051 and prior
  • RnCPU(n=00/01/02), Version 18 and prior
  • RnCPU(n=04/08/16/32/120), Version 50 and prior
  • RnENCPU(n=04/08/16/32/120), Version 50 and prior
  • RnSFCPU (n=08/16/32/120), Version 22 and prior
  • RnPCPU(n=08/16/32/120), Version 24 and prior
  • RnPSFCPU(n=08/16/32/120), Version 05 and prior
  • FX5U(C)-**M*/**
  • Case1: Serial number 17X**** or later: Version 1.210 and prior
  • Case2: Serial number 179**** and prior: Version 1.070 and prior
  • FX5UC-32M*/**-TS, Version 1.210 and prior
  • FX5UJ-**M*/**, Version 1.000
  • FX5-ENET, Version 1.002 and prior
  • FX5-ENET/IP, Version 1.002 and prior
  • FX3U-ENET-ADP, Version 1.22 and prior
  • FX3GE-**M*/**, the first 3 digits of serial number 20X and prior
  • FX3U-ENET, Version 1.14 and prior
  • FX3U-ENET-L, Version 1.14 and prior
  • FX3U-ENET-P502, Version 1.14 and prior
  • FX5-CCLGN-MS, Version 1.000
  • IU1-1M20-D, all versions
  • LE7-40GU-L, all versions
  • GOT2000 Series GT21 Model, all versions
  • GS Series, all versions
  • GOT1000 Series GT14 Model, all versions
  • FR-A800-E Series, production date December 2020 and prior
  • FR-F800-E Series, production date December 2020 and prior
  • FR-A8NCG, Production date August 2020 and prior
  • FR-E800-EPA Series, Production date July 2020 and prior
  • FR-E800-EPB Series, Production date July 2020 and prior
  • Conveyor Tracking Application APR-nTR3FH, APR-nTR6FH, APR-nTR12FH, APR-nTR20FH(n=1,2), all versions (Discontinued product)
  • MR-JE-C, all versions
  • MR-J4-TM, all versions
  • RJ71EN71, Version 48 and prior
  • QJ71E71-100, the first 5 digits of serial number 21092 and prior
  • LJ71E71-100, the first 5 digits of serial number 21092 and prior
  • QJ71MT91, the first 5 digits of serial number 20082 and prior
  • NZ2GACP620-60, Version 1.03D and prior
  • NZ2GACP620-300, Version 1.03D and prior
  • GT25-J71GN13-T2, Version 03 and prior

Threats:

Attackers could exploit these vulnerabilities by doing the following:

  • Sensitive information disclosure
  • Execute arbitrary code

Best practice and Recommendations:

The CERT team encourages users to review Mitsubishi Electric security advisory:

Mitsubishi Electric recommends following the below recommendations:

  • Use a firewall or VPN, etc., to prevent unauthorized access when Internet access is required.
  • Use within a LAN and block access from untrusted networks and hosts through firewalls. 

Last updated at 12 September, 2021

Rate the content

rate-icon