CVE-2021-20597
published 2021-08-06

CVE-2021-20597: Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and…

Priority: P262 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 2.22% (80.5th percentile)
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to log in to the target without authorization by sniffing network traffic and obtaining credentials when user information is registered in the target or a password is changed.

Detection & IOCs

  • Monitor network traffic for unprotected/cleartext credentials being transmitted during user registration or password change operations targeting MELSEC iQ-R Safety CPU or SIL2 Process CPU modules — credential sniffing is the described attack vector.
  • Alert on remote authentication attempts to MELSEC iQ-R CPU modules from hosts outside defined trusted IP ranges, particularly during user-info registration or password-change operations over the network.
  • Flag any network-based user registration or password change activity to MELSEC iQ-R Safety CPU (R08/16/32/120SFCPU firmware ≤ 26) or SIL2 Process CPU (R08/16/32/120PSFCPU firmware ≤ 11) — these operations should only occur over USB per vendor guidance.
  • CVE-2021-20597 affects MELSEC iQ-R Safety CPU firmware versions '26' and prior and SIL2 Process CPU firmware versions '11' and prior; fixed versions are '27' or later and '12' or later respectively, but updating is noted as not always available — verify firmware version before assuming patched status.
  • No known public exploitation specifically targeting this vulnerability has been reported to CISA at time of advisory publication.

CVSS provenance

  • nvd · v3.1 · 9.1 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • nvd · v2.0 · 6.4 MEDIUM · AV:N/AC:L/Au:N/C:P/I:P/A:N