CVE-2021-20597
Published 2021-08-06
Priority P262 · critical · 9.1 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 2.22% (80.5th percentile)
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.
Detection & IOCs
- Monitor network traffic for unprotected/cleartext credentials being transmitted during user registration or password change operations targeting MELSEC iQ-R Safety CPU or SIL2 Process CPU modules; credential sniffing is the described attack vector.
- Alert on remote authentication attempts to MELSEC iQ-R CPU modules from hosts outside defined trusted IP ranges, particularly during user-info registration or password-change operations over the network.
- Flag any network-based user registration or password change activity to MELSEC iQ-R Safety CPU (R08/16/32/120SFCPU firmware ≤ 26) or SIL2 Process CPU (R08/16/32/120PSFCPU firmware ≤ 11); these operations should only occur over USB per vendor guidance.
- CVE-2021-20597 affects MELSEC iQ-R Safety CPU firmware versions '26' and prior and SIL2 Process CPU firmware versions '11' and prior; fixed versions are '27' or later and '12' or later respectively, but updating is noted as not always available, so verify firmware version before assuming patched status.
- No known public exploitation specifically targeting this vulnerability has been reported to CISA at time of advisory publication.
CVSS provenance
nvd · v3.1 · 9.1 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd · v2.0 · 6.4 MEDIUM · AV:N/AC:L/Au:N/C:P/I:P/A:N
GHSA
GHSA-46vr-p4g8-f826: Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/1
ghsa_unreviewed·2022-05-24
CVE-2021-20597 [CRITICAL] CWE-522 GHSA-46vr-p4g8-f826: Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/1
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.
CISA ICS
Mitsubishi Electric MELSEC iQ-R Series (Update B)
cisa_ics·2024-04-18·CVSS 7.5
[HIGH] Mitsubishi Electric MELSEC iQ-R Series (Update B)
ICS Advisory
## Mitsubishi Electric MELSEC iQ-R Series (Update B)
Last Revised: April 18, 2024
Alert Code: ICSA-21-250-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.4
- ATTENTION: Exploitable remotely
- Vendor: Mitsubishi Electric Corporation
- Equipment: MELSEC iQ-R Series CPU Module
- Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Insufficiently Protected Credentials, Overly Restrictive Account Lockout Mechanism
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote attacker unauthorized access to legitimate usernames, CPU module access, or the ability to deny access to legitimate users.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Mitsubishi Electric reports these vulnerabilities a
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://jvn.jp/vu/JVNVU98578731/index.html
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-009_en.pdf