PT-2021-14076 · Mitsubishi · Gx Works2

Published: 2021-12-17 · Updated: 2021-12-27 · CVE-2021-20608

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric GX Works2 versions 1.606G and prior
Description: The issue allows a remote unauthenticated attacker to cause a Denial of Service (DoS) condition in GX Works2. The attacker tampers with a program file by sending maliciously crafted packets; the DoS condition occurs when GX Works2 then reads the tampered program file from a Mitsubishi Electric PLC.
Recommendations: For versions 1.606G and prior, update to a version later than 1.606G to resolve the issue. As a temporary workaround, consider restricting access to the program files to minimize the risk of exploitation. Avoid using potentially tampered program files from Mitsubishi Electric PLCs until the issue is resolved.

Fix


Related Identifiers

CVE-2021-20608

Affected Products

Gx Works2