PT-2020-5562 · Mitsubishi · Melsec Iq-R Series Plcs

Published: 2020-11-30 · Updated: 2021-07-21 · CVE-2020-16850

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Mitsubishi MELSEC iQ-R Series PLCs version 49

Description

Improper input validation allows an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network, resulting in a denial of service. After the process is halted, physical access to the PLC is required to restore production, and the device state is lost. The issue is related to specific models, including R04CPU and RJ71GF11-T2.

Recommendations

For Mitsubishi MELSEC iQ-R Series PLCs version 49, consider implementing network segmentation to restrict access to the PLC and limit the potential impact of a denial of service attack. As a temporary workaround, restrict network access to the PLC to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2021-01161
CVE-2020-16850

Affected Products

Melsec Iq-R Series Plcs