Description
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.
References (3)
Vendor Advisory (x_refsource_confirm): https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-001_en.pdf
Third Party Advisory (x_refsource_misc): http://jvn.jp/vu/JVNVU97662844/index.html
Third Party Advisory, US Government Resource (x_refsource_misc): https://www.us-cert.gov/ics/advisories/icsa-20-161-02
Scores
CVSS v3: 7.5
EPSS: 0.0030
EPSS Percentile: 53.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-400
Status: published
Products (21)
mitsubishielectric/melsec_iq-r00cpu_firmware < 7
mitsubishielectric/melsec_iq-r01cpu_firmware < 7
mitsubishielectric/melsec_iq-r02cpu_firmware < 7
mitsubishielectric/melsec_iq-r04cpu_firmware < 39
mitsubishielectric/melsec_iq-r08cpu_firmware < 39
mitsubishielectric/melsec_iq-r08fcpu_firmware < 20
mitsubishielectric/melsec_iq-r08pcpu_firmware
mitsubishielectric/melsec_iq-r08sfcpu_firmware
mitsubishielectric/melsec_iq-r120cpu_firmware < 39
mitsubishielectric/melsec_iq-r120fcpu_firmware < 20
... and 11 more
Published: Jun 10, 2020
Tracked Since: Feb 18, 2026