At any point of the digital transition,…
The MELSEC iQ-R series CPU unit provided by Mitsubishi Electric Corporation contains a resource exhaustion vulnerability.
Thursday, November 12, 2020, 7:48 GMT
The following firmware versions of the MELSEC iQ-R series CPU units are affected:
- R00 / 01/02 CPU firmware version from “05” to “19”.
- R04 / 08/16/32/120 (EN) CPU firmware version from “35” to “51”.
A resource depletion (CWE-400) vulnerability is included in the MELSEC iQ-R series CPU unit supported by Mitsubishi Electric Corporation.
According to the creator, if the ‘Internet server use’ setting in the engineering tool is set to ‘Do not use,’ this vulnerability would not be affected (the default setting is ‘Do not use’).
It will cause an error in the Processor unit to accept malicious HTTP packets from a remote third party and bring program execution and communication into a denial of service ( DoS) state.
For recovery, a reset is needed.