CVE-2021-20609

Name of the Vulnerable Software and Affected Versions MELSEC iQ-R Series R00/01/02CPU versions 24 and prior MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 57 and prior MELSEC iQ-R Series R08/16/32/120SFCPU versions 28 and prior MELSEC iQ-R Series R08/16/32/120PCPU versions 29 and prior MELSEC iQ-R Series R08/16/32/120PSFCPU versions 08 and prior MELSEC iQ-R Series R16/32/64MTCPU versions 23 and prior MELSEC iQ-R Series R12CCPU-V versions 16 and prior MELSEC Q Series Q03UDECPU with serial number 23121 and prior MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU with serial number 23121 and prior MELSEC Q Series Q03/04/06/13/26UDVCPU with serial number 23071 and prior MELSEC Q Series Q04/06/13/26UDPVCPU with serial number 23071 and prior MELSEC Q Series Q12DCCPU-V with serial number 24031 and prior MELSEC Q Series Q24DHCCPU-V(G) with serial number 24031 and prior MELSEC Q Series Q24/26DHCCPU-LS with serial number 24031 and prior MELSEC Q Series MR-MQ100 versions F and prior MELSEC Q Series Q172/173DCPU-S1 versions W and prior MELSEC Q Series Q172/173DSCPU all versions MELSEC Q Series Q170MCPU versions W and prior MELSEC Q Series Q170MSCPU(-S1) all versions MELSEC L Series L02/06/26CPU(-P) with serial number 23121 and prior MELSEC L Series L26CPU-(P)BT with serial number 23121 and prior MELIPC Series MI5122-VW versions 05 and prior

Description The issue is related to an Uncontrolled Resource Consumption vulnerability, allowing a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Recommendations For MELSEC iQ-R Series R00/01/02CPU versions 24 and prior, update to a version later than 24. For MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 57 and prior, update to a version later than 57. For MELSEC iQ-R Series R08/16/32/120SFCPU versions 28 and prior, update to a version later than 28. For MELSEC iQ-R Series R08/16/32/120PCPU versions 29 and prior, update to a version later than 29. For MELSEC iQ-R Series R08/16/32/120PSFCPU versions 08 and prior, update to a version later than 08. For MELSEC iQ-R Series R16/32/64MTCPU versions 23 and prior, update to a version later than 23. For MELSEC iQ-R Series R12CCPU-V versions 16 and prior, update to a version later than 16. For MELSEC Q Series Q03UDECPU with serial number 23121 and prior, update to a device with a serial number later than 23121. For MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU with serial number 23121 and prior, update to a device with a serial number later than 23121. For MELSEC Q Series Q03/04/06/13/26UDVCPU with serial number 23071 and prior, update to a device with a serial number later than 23071. For MELSEC Q Series Q04/06/13/26UDPVCPU with serial number 23071 and prior, update to a device with a serial number later than 23071. For MELSEC Q Series Q12DCCPU-V with serial number 24031 and prior, update to a device with a serial number later than 24031. For MELSEC Q Series Q24DHCCPU-V(G) with serial number 24031 and prior, update to a device with a serial number later than 24031. For MELSEC Q Series Q24/26DHCCPU-LS with serial number 24031 and prior, update to a device with a serial number later than 24031. For MELSEC Q Series MR-MQ100 versions F and prior, update to a version later than F. For MELSEC Q Series Q172/173DCPU-S1 versions W and prior, update to a version later than W. For MELSEC Q Series Q172/173DSCPU all versions, update to a version that is not affected. For MELSEC Q Series Q170MCPU versions W and prior, update to a version later than W. For MELSEC Q Series Q170MSCPU(-S1) all versions, update to a version that is not affected. For MELSEC L Series L02/06/26CPU(-P) with serial number 23121 and prior, update to a device with a serial number later than 23121. For MELSEC L Series L26CPU-(P)BT with serial number 23121 and prior, update to a device with a serial number later than 23121. For MELIPC Series MI5122-VW versions 05 and prior, update to a version later than 05. At the moment, there is no information about a newer version that contains a fix for this vulnerability.