PT-2021-8030 · Mitsubishi · MELSEC iQ-R Series SIL2 Process CPU modules R08/16/32/120PSFCPU

Ivan Speziale · Published 2021-08-05 · Updated 2024-05-24 · CVE-2021-20594

CVSS v2.0: 5.4 (Medium)

Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MELSEC iQ-R Series Safety CPU modules R08/16/32/120SFCPU firmware versions prior to 26
MELSEC iQ-R Series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions prior to 11

Description

The issue is related to the exposure of sensitive information to unauthorized actors due to a lack of protection for service data. This can allow a remote attacker to gain unauthorized access to protected information. Specifically, it enables a remote unauthenticated attacker to acquire legitimate user names registered in the module via a brute-force attack on user names.

Recommendations

For MELSEC iQ-R Series Safety CPU modules R08/16/32/120SFCPU firmware versions prior to 26, update the firmware to version 26 or later.
For MELSEC iQ-R Series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions prior to 11, update the firmware to version 11 or later.
As a temporary workaround, consider restricting access to the modules to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-03611
CVE-2021-20594

Affected Products

MELSEC iQ-R Series SIL2 Process CPU modules R08/16/32/120PSFCPU
MELSEC iQ-R Series Safety CPU modules R08/16/32/120SFCPU