PT-2021-5415 · Mitsubishi · MELSEC Q Series Q172/173DSCPU (+18 more)

Published 2021-11-30 · Updated 2023-11-09 · CVE-2021-20611

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

MELSEC iQ-R Series R00/01/02CPU versions 24 and prior
MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 57 and prior
MELSEC iQ-R Series R08/16/32/120SFCPU all versions
MELSEC iQ-R Series R08/16/32/120PCPU versions 29 and prior
MELSEC iQ-R Series R08/16/32/120PSFCPU all versions
MELSEC iQ-R Series R16/32/64MTCPU all versions
MELSEC iQ-R Series R12CCPU-V all versions
MELSEC Q Series Q03UDECPU all versions
MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU all versions
MELSEC Q Series Q03/04/06/13/26UDVCPU with serial number 23071 and prior
MELSEC Q Series Q04/06/13/26UDPVCPU with serial number 23071 and prior
MELSEC Q Series Q12DCCPU-V all versions
MELSEC Q Series Q24DHCCPU-V(G) all versions
MELSEC Q Series Q24/26DHCCPU-LS all versions
MELSEC Q Series MR-MQ100 all versions
MELSEC Q Series Q172/173DCPU-S1 all versions
MELSEC Q Series Q172/173DSCPU all versions
MELSEC Q Series Q170MCPU all versions
MELSEC Q Series Q170MSCPU(-S1) all versions
MELSEC L Series L02/06/26CPU(-P) all versions
MELSEC L Series L26CPU-(P)BT all versions
MELIPC Series MI5122-VW all versions

Description

The issue is caused by improper input validation, allowing a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Recommendations

For MELSEC iQ-R Series R00/01/02CPU versions 24 and prior, update to a version later than 24.
For MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 57 and prior, update to a version later than 57.
For MELSEC iQ-R Series R08/16/32/120PCPU versions 29 and prior, update to a version later than 29.
For MELSEC Q Series Q03/04/06/13/26UDVCPU and MELSEC Q Series Q04/06/13/26UDPVCPU with serial number 23071 and prior, update the device with a serial number later than 23071.
For MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT, and MELIPC Series MI5122-VW, restrict access to the system until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected products, so consider temporarily disabling the affected systems or restricting access to them until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-06258
CVE-2021-20611

Affected Products

MELIPC Series MI5122-VW
MELSEC L Series L02/06/26CPU
MELSEC L Series L26CPU-(P)BT
MELSEC Q Series MR-MQ100
MELSEC Q Series Q03/04/06/13/26UDVCPU
MELSEC Q Series Q03UDECPU
MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU
MELSEC Q Series Q04/06/13/26UDPVCPU
MELSEC Q Series Q12DCCPU-V
MELSEC Q Series Q170MCPU
MELSEC Q Series Q172/173DCPU-S1
MELSEC Q Series Q172/173DSCPU
MELSEC Q Series Q24/26DHCCPU-LS
MELSEC Q Series Q24DHCCPU-V
MELSEC iQ-R Series R00/01/02CPU
MELSEC iQ-R Series R04/08/16/32/120(EN)CPU
MELSEC iQ-R Series R08/16/32/120PSFCPU
MELSEC iQ-R Series R12CCPU-V
MELSEC iQ-R Series R16/32/64MTCPU