PT-2021-14067 · Mitsubishi · Melsec-F Series Fx3U-Enet-P502+1

Published: 2021-07-22 · Updated: 2021-08-02 · CVE-2021-20596

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
MELSEC-F Series FX3U-ENET firmware versions 1.14 and prior
MELSEC-F Series FX3U-ENET-L firmware versions 1.14 and prior
MELSEC-F Series FX3U-ENET-P502 firmware versions 1.14 and prior
Description: A NULL Pointer Dereference issue allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by the MELSEC-F series PLC is not affected, but a system reset is required for recovery.
Recommendations: For MELSEC-F Series FX3U-ENET, FX3U-ENET-L and FX3U-ENET-P502 firmware versions 1.14 and prior, update to a version later than 1.14 to resolve the issue. As a temporary workaround, consider restricting access to the affected devices to minimize the risk of exploitation.

Fix

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

CVE-2021-20596

Affected Products

Melsec-F Series Fx3U-Enet
Melsec-F Series Fx3U-Enet-P502