PT-2021-8027 · Mitsubishi · MELSEC iQ-R Series Safety CPU Modules R08/16/32/120SFCPU +1

Published 2021-08-05 · Updated 2024-05-24 · CVE-2021-20597

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions prior to 26
Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions prior to 11

Description

The issue is related to insufficient protection of credentials. A remote unauthenticated attacker can log in to the target without authorization by sniffing network traffic and obtaining credentials while user information is being registered in the target or a password is being changed.

Recommendations

For Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions prior to 26, update the firmware to a version later than 26 to resolve the issue.

For Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions prior to 11, update the firmware to a version later than 11 to resolve the issue.

As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation by sniffing network traffic.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2024-03607
CVE-2021-20597

Affected Products

MELSEC iQ-R Series SIL2 Process CPU Modules R08/16/32/120PSFCPU
MELSEC iQ-R Series Safety CPU Modules R08/16/32/120SFCPU