CVE-2020-5546

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware versions 1.0.7 and earlier

Description The issue is related to an "Improper Neutralization of Argument Delimiters in a Command" or 'Argument Injection' in the TCP function of the firmware. This allows an attacker on the same network segment to potentially stop the network functions or execute malware by sending a specially crafted packet.

Recommendations For Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware versions 1.0.7 and earlier, update to a version later than 1.0.7 to resolve the issue. At the moment, there is no information about additional mitigation measures.