CVE-2021-20597

CRITICAL

Mitsubishi Electric MELSEC iQ-R - Info Disclosure

Title source: llm

Description

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.

References (3)

Scores

CVSS v3 9.1
EPSS 0.0089
EPSS Percentile 75.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE
CWE-522
Status published

Affected Products (8)

mitsubishielectric/r08sfcpu_firmware
mitsubishielectric/r16sfcpu_firmware
mitsubishielectric/r32sfcpu_firmware
mitsubishielectric/r120sfcpu_firmware
mitsubishielectric/r08psfcpu_firmware
mitsubishielectric/r16psfcpu_firmware
mitsubishielectric/r32psfcpu_firmware
mitsubishielectric/r120psfcpu_firmware

Timeline

Published Aug 06, 2021
Tracked Since Feb 18, 2026