CVE-2021-20612

Name of the Vulnerable Software and Affected Versions MELSEC-F series FX3U-ENET Firmware versions 1.14 and prior MELSEC-F series FX3U-ENET-L Firmware versions 1.14 and prior MELSEC-F series FX3U-ENET-P502 Firmware versions 1.14 and prior

Description The issue is related to a lack of administrator control over security vulnerability, allowing a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in the communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of a TCP port. Control by MELSEC-F series PLC is not affected by this issue, but a system reset is required for recovery.

Recommendations For MELSEC-F series FX3U-ENET Firmware versions 1.14 and prior, update to a version later than 1.14 to resolve the issue. For MELSEC-F series FX3U-ENET-L Firmware versions 1.14 and prior, update to a version later than 1.14 to resolve the issue. For MELSEC-F series FX3U-ENET-P502 Firmware versions 1.14 and prior, update to a version later than 1.14 to resolve the issue. As a temporary workaround, consider restricting access to the unnecessary opening of the TCP port until a patch is available.