• twitter
  • facebook
  • mail

About Us

 

Vulnerability Information

Mitsubishi Electric is working to maintain and improve the security for FA products of the company.

Vulnerability status of Factory Automation Products

* Click here for the latest information about Vulnerability Information.
Mitsubishi Electric's Vulnerability Information

Dispatch date of Information AFFECTED PRODUCTS Title / Detail Information Remarks
CVSS Score 3rd Party Advisory
update: 2022/07/28
release:2021/12/16
FA Engineering Software Multiple Denial-of-Service Vulnerabilities in Multiple FA Engineering Software

<Update history:July 28, 2022>
Added EZSocket as a fixed product.

<Update history:June 30, 2022>
Added MELSOFT Navigator as a fixed product.

5.5 ICSA-21-350-05
update: 2022/07/28
release:2021/02/18
FA Engineering Software Products Multiple Denial-of-Service Vulnerabilities in Multiple FA Engineering Software Products

<Update history:July 28, 2022>
Added fixed products as below
EZSocket, MI Configurator, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)Setting/monitoring tools for the C Controller module (SW3PVC-CCPU) has been removed from “Affected Products

<Update history:May 24, 2022>
Added fixed products as below
M_CommDTM-IO-Link, Network Interface Board CC IE Control Utility, Network Interface Board CC IE Field Utility,Network Interface Board CC-Link Ver.2 Utility, Network Interface Board MNETH Utility

<Update history:February 8, 2022>
Added fixed products as below
MT Works2, MX Component, SLMP Data Collector

<Update history:November 16, 2021>
Added fixed products as below
MELFA-Works, MH11 SettingTool Version2, RT ToolBox2

<Update history:July 27, 2021>
Added fixed products as below
GX Developer, MELSOFT Navigator

<Update history:May 27, 2021>
Added fixed and affected products

7.5 ICSA-21-049-02
update: 2022/07/28
release:2020/07/30
FA Products Malicious Code Execution Vulnerability in Multiple FA Products

<Update history:July 28, 2022>
Added MI Configurator that has been fixed to “Countermeasures"

<Update history:May 27, 2022>
Added MELSEC iQ-R Series Motion Module that has been fixed to “Countermeasures".

<Update history:January 14, 2021>
Added MELSOFT iQ AppPortal, MELSOFT Navigator, MR Configurator2 and MX Component that have been fixed to “Countermeasures".

8.3 ICSA-20-212-03
update: 2022/07/28
release:2020/07/30
FA Engineering Software Products Malicious Code Execution Vulnerability in Multiple FA Engineering Software Products

<Update history:July 28, 2022>
Added MI Configurator, Setting/monitoring tools for the C Controller module (SW3PVC-CCPU) and Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) that have been fixed to “Countermeasures".

<Update history:May 24, 2022>
Added FR Configurator2, M_CommDTM-IO-Link, Network Interface Board CC IE Control Utility, Network Interface Board CC IE Field Utility, Network Interface Board CC-Link Ver.2 Utility and Network Interface Board MNETH Utility that have been fixed to “Countermeasures".

<Update history:February 8, 2022>
Added CC-Link IE Control Network Data Collector, CC-Link IE Field Network Data Collector, CC-Link IE TSN Data Collector, MR Configurator2, MT Works2, MTConnect Data Collector and SLMP Data Collector that have been fixed to “Countermeasures".

<Update history:November 16, 2021>
Added MELFA-Works, RT ToolBox2 and RT ToolBox3 that have been fixed to “Countermeasures". Added CC-Link IE TSN Data Collector to “Affected Products”

<Update history:July 27, 2021>
Added GX Works2, MELSOFT Complete Clean Up Tool and MELSOFT Navigator that have been fixed to “Countermeasures".

<Update history:May 27, 2021>
Added EZSocket and PX Developer that have been fixed to “Countermeasures".

<Update history:January 14, 2021>
Added MELSOFT iQ AppPortal, MX Component and MX Sheet that have been fixed to “Countermeasures".

<Update history:November 5, 2020>
Added Data Transfer, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GT SoftGOT1000 Version3, GT SoftGOT2000 Version1, MX MESInterface, and MX MESInterface-R that have been fixed to “Countermeasures".

8.3 ICSA-20-212-04
update: 2022/07/28
release:2020/07/30
FA Engineering Software Products Vulnerability due to Improper File Access Control in Multiple FA Engineering Software Products

<Update history:July 28, 2022>
Added MI Configurator, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) that have been fixed to “Countermeasures”.
Setting/monitoring tools for the C Controller module (SW3PVC-CCPU) has been removed from “Affected Products”

<Update history:May 24, 2022>
Added M_CommDTM-IO-Link, Network Interface Board CC IE Control Utility, Network Interface Board CC IE Field Utility, Network Interface Board CC-Link Ver.2 Utility and Network Interface Board MNETH utility that have been fixed to “Countermeasures”.

<Update history:December 17, 2020>
Added GT SoftGOT1000 Version3 that have been fixed to “Countermeasures”.

8.3 ICSA-20-212-02
update: 2022/07/26
release:2021/11/30
MELSEC and MELIPC Series Multiple Denial-of-Service Vulnerabilities in Ethernet port of MELSEC and MELIPC Series

<Update history:July 26, 2022>
Added modules that have been fixed to “Countermeasures”.
R12CCPU-V, MI5122-VW

<Update history:May 31, 2022>
Added modules that have been fixed to “Countermeasures”.
R08/16/32/120PSFCPU, R16/32/64MTCPU

<Update history:April 26, 2022>
Added modules that have been fixed to “Countermeasures”.
Q12DCCPU-V, Q24DHCCPU-V(G), Q24/26DHCCPU-LS, MR-MQ100, Q172/173DCPU-S1, Q170MCPU

<Update history:January 27, 2022>
Added modules that have been fixed to “Countermeasures”.
Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU, L02/06/26CPU(-P), L26CPU-(P)BT Corrected product model name of “Affected products”
Q172/173DSCPU

7.5 ICSA-21-334-02
release:2022/07/19 GENESIS64TM and MC Works64 Multiple Vulnerabilities in GENESIS64TM and MC Works64

7.5-9.8 ICSA-22-202-04
update: 2022/07/07
release:2021/10/27
MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series C Controller Module

<Update history:July 7, 2022>
・Updated the details of “Countermeasures”

<Update history:October 28, 2021>
・Modified part of descriptions of “Impact”.
・Correction of clerical errors.

6.8 ICSA-21-280-04
release:2022/06/14 MELSEC Q and L Series Denial-of-Service Vulnerability in Ethernet Port on CPU Module of MELSEC Q and L Series

7.5 ICSA-22-172-01
release:2022/06/02 MELSEC-Q/L Series and MELSEC iQ-R Series Denial of Service(DoS) and Remote Code Execution Vulnerability in MELSEC-Q/L Series Ethernet Interface Module and MELSEC iQ-R Series MES Interface Module

8.1 ICSA-22-165-03
update: 2022/05/31
release:2022/05/17
MELSEC iQ-F Series Multiple Denial-of-Service Vulnerabilities in MELSEC iQ-F Series CPU module

<Update history:May 31, 2022>
Added the information of modules that have been fixed to "Affected products" and "Countermeasures"

5.3-8.6 ICSA-22-139-01
update: 2022/05/31
release:2022/03/31
iQ-F Series Authentication Bypass, Information Disclosure and Information Tampering Vulnerabilities in Multiple FA Products

<Update history:May 31, 2022>
Added MELSEC iQ-R/Q/L series to “Affected products”.
Added MELSEC iQ-R/Q/L series product manual information to “Mitigations/Workarounds”.

5.9-7.4 ICSA-22-090-04
update: 2022/05/24
release:2020/08/31
TCP Protocol Stack Impact of Impersonation Vulnerability in TCP Protocol Stack

<Update history:May 24, 2022>
Added fixed products([1]and [4])

<Update history:August 24, 2021>
Added fixed products([1])

<Update history:May 18, 2021>
Added fixed products([1]and [4])

<Update history:February 18, 2021>
Add version information and/or fixed products([8]and [11])

<Update history:January 26, 2021>
Added information regarding countermeasures and mitigations/Workarounds for products( [1] and [5])

<Update history:September 24, 2020>
Add affected products ([8] - [11])

7.3 ICSA-20-245-01
release:2022/05/12 MELSOFT iQ AppPortal Multiple vulnerabilities in MELSOFT iQ AppPortal

5.5-9.8 ICSA-22-132-02
release:2022/05/10 MELSOFT GT OPC UA Client Information Disclosure and Denial-of-Service (DoS) Vulnerabilities due to OpenSSL vulnerabilities on MELSOFT GT OPC UA Client

7.4-7.5 ICSA-22-130-06
update: 2022/05/10
release:2021/09/02
GOT Multiple vulnerabilities in Wireless Communication Standards IEEE 802.11 (Frag Attacks)

<Update history:May 10, 2022>
Add fixed products as below
[4] [Wireless LAN communication unit for GOT]

<Update history:March 22, 2022>
Added "[4] [Wireless LAN communication unit for GOT]" to affected products.

2.6-7.5 ICSA-22-102-04
release:2022/04/07 MELSEC-Q Series Denial of Service(DoS) and Malicious Code Execution Vulnerability in DHCP client function on MELSEC-Q Series C Controller Module

9.0 ICSA-22-102-02
update: 2022/04/07
release:2021/09/06
[Withdraw]Multiple Denial of Service (DoS) Vulnerabilities in TCP/IP Protocol Stack of GOT and Tension Controller

<Update history:April 7, 2022>
This advisory was withdrawn because these issues are not vulnerabilities.

<Update history:October 5, 2021>
Added information to “Overview”, “CVSS”, “Description” and “Countermeasures”.

ICSA-21-278-01
release:2022/03/29 CC-Link IE TSN Configurator Impact of multiple vulnerabilities in Apache Log4j (Log4shell)

5.9-10.0 Apache Log4j Vulnerability Guidance
update: 2022/03/29
release:2020/10/29
MELSEC iQ-R, Q and L Series Denial-of-Service Vulnerability in Ethernet Port on CPU Module of MELSEC iQ-R, Q and L Series

<Update history:March 29, 2022>
Added the information of modules that have been fixed to “Affected products” and “Countermeasures”.

<Update history:January 13, 2022>
Added modules that have been fixed to “Countermeasures”.

<Update history:May 18, 2021>
Added R 08/16/32/120 PCPU that has been fixed to “Countermeasures".R 08/16/32/120 PSFCPU has been deleted from “Affected products”.

7.5 ICSA-20-303-01
release:2022/02/15 Energy Saving Data Collecting Server (EcoWebServerIII) Multiple Vulnerabilities in web functions of Energy Saving Data Collecting Server (EcoWebServerIII)

6.1
7.5
-
release:2022/01/20 GENESIS64 and MC Works64 Denial of Service (DoS) Vulnerability in database server of GENESIS64 and MC Works64

5.9 ICSA-22-020-01
release:2022/01/20 GENESIS64 and MC Works64 Information Disclosure Vulnerability in GENESIS64 and MC Works64

7.7 ICSA-22-020-01
release:2022/01/20 GENESIS64 and MC Works64 Authentication Bypass Vulnerability in Web communication function on GENESIS64 and MC Works64

9.8 ICSA-22-020-01
release:2022/01/20 MC Works64 Information Disclosure Vulnerability in MC Works64 mobile monitoring

4.2 ICSA-22-020-01
update: 2022/01/20
release:2021/05/11
GOT and Tension Controller Denial-of-Service (DoS) Vulnerability in MODBUS/TCP slave communication function on GOT and Tension Controller

<Update history:January 20, 2022>
For Tension Controller, added “Update procedure” and “Fixed Versions” to “Countermeasures”.

5.9 ICSA-21-131-02
update: 2022/01/20
release:2020/12/03
GOT and Tension Controller Denial-of-Service Vulnerability in TCP/IP Stack of GOT and Tension Controller

<Update history:January 20, 2022>
For Tension Controller, added “How to check the versions in use” to “Affected products and version”. For Tension Controller, added “Update procedure” and “Fixed Versions” to “Countermeasures”.

<Update history:May 11, 2021>
Added “How to check the versions in use” to “Affected products and version” Added “Update procedure” and “Fixed Versions” to “Countermeasures”.

7.5 ICSA-20-343-02
release:2022/01/13 MELSEC-F Series Denial of Service (DoS) Vulnerability in MELSEC-F Series Ethernet interface block

7.5 ICSA-22-013-01 ICSA-22-013-07
release:2022/01/13 MELSEC-F Series Denial of Service (DoS) and potential unspecified Vulnerability in MELSEC-F Series Ethernet interface block

7.5 ICSA-22-013-01 ICSA-22-013-07
release:2021/12/16 GX Works2 Denial-of-Service (DoS) Vulnerability in GX Works2

5.3 ICSA-21-350-04
release:2021/12/16 MELSEC Series Multiple Denial of Service (DoS) Vulnerabilities in TCP/IP Protocol Stack of MELSEC Series Remote I/O

7.5 ICSA-21-217-01
update: 2021/12/16
release:2020/11/19
MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series Ethernet Port

<Update history:December 16, 2021>
RJ71C24 (-R2/R4) has been removed from “Affected products” as it has been found not to be affected by this vulnerability.

<Update history:September 14, 2021>
Added RJ71GN11-T2 that has been fixed to “Countermeasures"

<Update history:May 18, 2021>
Added R08/16/32/120 PCPU and R08/16/32/120PSFCPU that have been fixed to “Countermeasures".

7.5 ICSA-20-324-05
release:2021/11/16 GOT2000 series,GOT SIMPLE series and GT SoftGOT2000 Information Tampering Vulnerability in GOT2000 series,GOT SIMPLE series and GT SoftGOT2000

7.5 ICSA-21-320-02
update: 2021/11/25
release:2021/10/21
GENESIS64 and MC Works64 Arbitrary code execution vulnerablity in AutoCAD (DWG) file import function of GENESIS64 and MC Works64

<Update history:November 25, 2021>
Added information about information disclosure vulnerability (CVE-2021-27040) due to Out-of bounds Read (CWE-125)

7.8 ICSA-21-294-01
release:2021/10/12 GENESIS64 and MC Works64 Denial of Service (DoS) Vulnerability in OPC UA communication function of GENESIS64 and MC Works64

7.5 ICSA-21-294-03
update: 2021/10/13
release:2021/08/06
MELSEC iQ-R Series Authorization Bypass vulnerability in MELSEC iQ-R Series Safety CPU/SIL2 Process CPU Module

<Update history:October 13, 2021>
・Correction of clerical errors.

<Update history:October 12, 2021>
・Added CVE ID and CVSS score.
・Modified part of descriptions of “Overview”, “Description”, “Impact” and “Countermeasures”.

9.1 ICSA-21-287-03
release:2021/08/05 MELSEC iQ-R Series Information disclosure vulnerability in MELSEC iQ-R Series CPU Module

5.9 ICSA-21-250-01
release:2021/08/05 MELSEC iQ-R Series Unauthorized login vulnerability in MELSEC iQ-R Series CPU Module

7.4 ICSA-21-250-01
release:2021/08/05 MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series CPU Module

3.7 ICSA-21-250-01
release:2021/07/27 GOT Denial-of-Service (DoS) Vulnerability in MODBUS/TCP slave communication function on GOT

5.9 ICSA-21-208-02
update: 2021/07/27
release:2021/04/22
GOT Password authentication bypass vulnerability in VNC function of GOT

<Update history:July 27, 2021>
Added “How to check the versions in use” to “Affected products”.Added “Update procedure” and “Fixed Versions” to “Countermeasures”.

5.9 ICSA-21-112-02
release:2021/07/20 MELSEC-F Series Denial of Service (DoS) Vulnerability in MELSEC-F Series Ethernet interface block

7.5 ICSA-21-201-01
update:2021/06/17
release:2021/02/16
MELSOFT FieldDeviceConfigurator Arbitrary code execution vulnerability in MELSOFT FieldDeviceConfigurator product

<Update history:June 17, 2021>
Added MELSOFT FieldDeviceConfigurator that has been fixed to “Affected products" and “Countermeasures".

7.3 ICSA-21-021-05
update: 2021/06/14
release:2020/06/18
MC Works 64 and MC Works 32 Denial of Service vulnerability and Remote Code Execution vulnerability in MC Works 64 and MC Works 32

<Update history:June 14, 2021>
-Updated the URL of the web page to download the security patch.
-Fixed errors in the description of the target version of the security patch.

<Update history:January 14, 2021>
Added Security Patches for MC Works64 Version 2.00A - 2.02C.

<Update history:December 8, 2020>
Added Security Patches for MC Works64 Version 3.00A - 3.04E.

<Update history:September 9, 2020>
Added Security Patches for MC Works64 Version 4.00A - 4.02C.

7.5 - 9.8 ICSA-20-170-02
release:2021/05/27 MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSOFT Transmission Port (TCP/IP)

5.3 ICSA-21-147-05
update: 2021/05/18
release:2021/01/21
MELFA FR,CR Series and ASSISTA Denial-of-Service Vulnerability in Robot Controller of MELFA FR Series and CR Series as well as ASSISTA

<Update history:May 18, 2021>
Modified the description of “Countermeasures”.Added the IP filter function to “Mitigations”.

7.5 ICSA-21-021-04
update: 2021/05/18
release:2020/10/08
MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series Ethernet Port

<Update history:May 18, 2021>
Added affected product(R08/16/32/120PSFCPU). Added R16/32/64MTCPU that has been fixed to “Countermeasures".

<Update history:February 18, 2021>
Added modules that have been fixed to “Countermeasures”.

<Update history:October 26, 2020>
Added modules that have been fixed to “Countermeasures”.

8.6 ICSA-20-282-02
update: 2021/04/20
release:2020/06/09
MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series Ethernet Port

<Update history:April 20, 2021>
Modified part of descriptions of “Overview” and “Impact”.

<Update history:November 5, 2020>
Added modules that have been fixed to “Countermeasures”.

5.3 ICSA-20-161-02
release:2020/12/10 MELSEC iQ-F Series Denial-of-Service Vulnerability in Ethernet Port on CPU Module of MELSEC iQ-F Series

7.4 ICSA-20-345-01
release:2020/11/12 MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series CPU Modules

6.8 ICSA-20-317-01
release:2020/11/05 GOT1000 Series Multiple vulnerabilities in TCP/IP Stack on GT14 Model of GOT1000 Series

5.3 - 9.8 ICSA-20-310-02
release:2020/10/29 MELSEC iQ-R Series Multiple Vulnerabilities in TCP/IP stack on MELSEC iQ-R Series Information/Network Module

5.3 - 9.8 ICSA-20-303-02
release:2020/07/03 GOT2000 Series Multiple vulnerabilities in TCP/IP Stack on GOT2000 Series

5.3 - 9.8 ICSA-20-189-02
release:2020/06/30 FA Engineering Software Products Multiple Vulnerabilities Due to Improper Handling of XML in Multiple FA Engineering Software Products

7.5 ICSA-20-182-02
release:2020/06/23 MELSEC iQ-R, iQ-F, Q, L and FX series Vulnerability of Information Disclosure, Information Tampering, Unauthorized Operation and Denial-of-Service (DoS) between MELSEC iQ-R, iQ-F, Q, L and FX series CPU modules and GX Works3/GX Works2

10.0 ICSA-20-175-01
release:2020/03/30 MELSOFT Remote Access Vulnerability in MELSOFT Transmission Port (UDP/IP)

5.3 ICSA-20-091-02
release:2020/02/14 MELSEC-Q Series C Controller Module,
MELSEC iQ-R Series C Controller Module / C Intelligent Function Module,
MELIPC Series MI5000
Multiple vulnerabilities in TCP/IP function on MELSEC C Controller Module and MELIPC Series MI5000

5.3 - 9.8 JVNVU#95424547
release:2019/11/07 MELSEC-Q Series, MELSEC-L Series Vulnerability of FTP server function on MELSEC Q/L Series CPU modules

7.5 ICSA-19-311-01
release:2019/05/21 MELSEC-Q Series

Technical News

FA-A-0284-A: Vulnerabilities of MELSEC-Q Series Ethernet Interface Modules (Identified by External Institutions)

7.5 ICSA-19-141-02
release:2016/12/01 MELSEC-Q Series

Technical News

FA-A-0230: Vulnerabilities of MELSEC-Q series Ethernet interface modules

8.6 ICSA-16-336-03