CVE-2020-13238

Name of the Vulnerable Software and Affected Versions Mitsubishi MELSEC iQ-R Series PLCs version 33

Description The issue allows attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, consuming excessive CPU time and resulting in a denial of service attack. After the process is halted, physical access to the PLC is required to restore production.

Recommendations For Mitsubishi MELSEC iQ-R Series PLCs version 33, consider restricting network access to the PLC to minimize the risk of exploitation, and ensure that physical access controls are in place to facilitate restoration of production in case of an attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.