PT-2021-8029 · Mitsubishi · Melsec Iq-R Series Sil2 Process Cpu+1
Ivan Speziale · Published 2021-10-14 · Updated 2024-05-14
CVE-2021-20599
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU versions prior to 26
MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU versions prior to 11
Description
Credentials are transmitted in unencrypted form, allowing a remote attacker to gain unauthorized access to protected information. An attacker can use this to log in to a target CPU module by obtaining credentials other than a password.
Recommendations
For MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU versions prior to 26, update the firmware to version 27 or later.
For MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU versions prior to 11, update the firmware to version 12 or later.
As a temporary workaround, consider restricting access to the CPU modules to minimize the risk of exploitation.
Fix
IDOR
Cleartext Transmission of Sensitive Information
Related Identifiers
Affected Products
Melsec Iq-R Series Sil2 Process Cpu
Melsec Iq-R Series Safety Cpu