CVE-2020-16226

Summary

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi ElectricQJ71MES96all versionsaffected
Mitsubishi ElectricQJ71WS96all versionsaffected
Mitsubishi ElectricQ06CCPU-Vall versionsaffected
Mitsubishi ElectricQ24DHCCPU-Vall versionsaffected
Mitsubishi ElectricQ24DHCCPU-VGall versionsaffected
Mitsubishi ElectricR12CCPU-Vall versionsaffected
Mitsubishi ElectricRD55UP06-V,all versionsaffected
Mitsubishi ElectricD55UP12-Vall versionsaffected
Mitsubishi ElectricRJ71GN11-T2all versionsaffected
Mitsubishi ElectricRJ71EN71all versionsaffected
Mitsubishi ElectricQJ71E71-100all versionsaffected
Mitsubishi ElectricLJ71E71-100all versionsaffected
Mitsubishi ElectricQJ71MT91all versionsaffected
Mitsubishi ElectricRD78Gn(n=4,8,16,32,64)all versionsaffected
Mitsubishi ElectricRD78GHVall versionsaffected
Mitsubishi ElectricRD78GHWall versionsaffected
Mitsubishi ElectricNZ2GACP620-60all versionsaffected
Mitsubishi ElectricNZ2GACP620-300all versionsaffected
Mitsubishi ElectricNZ2FT-MTall versionsaffected
Mitsubishi ElectricNZ2FT-EIPall versionsaffected
Mitsubishi ElectricQ03UDECPUthe first 5 digits of serial number 22081 and prioraffected
Mitsubishi ElectricQnUDEHCPU(n=04/06/10/13/20/26/50/100)the first 5 digits of serial number 22081 and prioraffected
Mitsubishi ElectricQnUDVCPU(n=03/04/06/13/26)the first 5 digits of serial number 22031 and prioraffected
Mitsubishi ElectricQnUDPVCPU(n=04/06/13/2)the first 5 digits of serial number 22031 and prioraffected
Mitsubishi ElectricLnCPU(-P)(n=02/06/26)the first 5 digits of serial number 22051 and prioraffected
Mitsubishi ElectricL26CPU-(P)BTthe first 5 digits of serial number 22051 and prioraffected
Mitsubishi ElectricRnCPU(n=00/01/02)unspecified < Version 18 and prioraffected
Mitsubishi ElectricRnCPU(n=04/08/16/32/120)unspecified < Version 50 and prioraffected
Mitsubishi ElectricRnENCPU(n=04/08/16/32/120)unspecified < Version 50 and prioraffected
Mitsubishi ElectricRnSFCPU (n=08/16/32/120)all versionsaffected
Mitsubishi ElectricRnPCPU(n=08/16/32/120)all versionsaffected
Mitsubishi ElectricRnPSFCPU(n=08/16/32/120)all versionsaffected
Mitsubishi ElectricFX5U(C)-M/*unspecified < Serial number 17X**** or later: Version 1.210 and prioraffected
Mitsubishi ElectricFX5U(C)-M/*unspecified < Serial number 179**** and prior: Version 1.070 and prioraffected
Mitsubishi ElectricFX5UC-32M*/**-TSunspecified < Version 1.210 and prioraffected
Mitsubishi ElectricFX5UJ-M/*Version 1.000affected
Mitsubishi ElectricFX5-ENETall versionsaffected
Mitsubishi ElectricFX5-ENET/IPall versionsaffected
Mitsubishi ElectricFX3U-ENET-ADPall versionsaffected
Mitsubishi ElectricFX3GE-M/*all versionsaffected
Mitsubishi ElectricFX3U-ENETall versionsaffected
Mitsubishi ElectricFX3U-ENET-Lall versionsaffected
Mitsubishi ElectricFX3U-ENET-P502all versionsaffected
Mitsubishi ElectricFX5-CCLGN-MSall versionsaffected
Mitsubishi ElectricIU1-1M20-Dall versionsaffected
Mitsubishi ElectricLE7-40GU-Lall versionsaffected
Mitsubishi ElectricGOT2000 Series GT21 Modelall versionsaffected
Mitsubishi ElectricGS Seriesall versionsaffected
Mitsubishi ElectricGOT1000 Series GT14 Modelall versionsaffected
Mitsubishi ElectricGT25-J71GN13-T2all versionsaffected
Mitsubishi ElectricFR-A800-E Seriesall versionsaffected
Mitsubishi ElectricFR-F800-E Seriesall versionsaffected
Mitsubishi ElectricFR-A8NCGProduction date August 2020 and prioraffected
Mitsubishi ElectricFR-E800-EPA SeriesProduction date July 2020 and prioraffected
Mitsubishi ElectricFR-E800-EPB SeriesProduction date July 2020 and prioraffected
Mitsubishi ElectricConveyor Tracking ApplicationAPR-nTR3FH all versionsaffected
Mitsubishi ElectricConveyor Tracking ApplicationAPR-nTR6FH all versionsaffected
Mitsubishi ElectricConveyor Tracking ApplicationAPR-nTR12FH all versionsaffected
Mitsubishi ElectricConveyor Tracking ApplicationAPR-nTR20FH(n=1,2) all versionsaffected
Mitsubishi ElectricMR-JE-Call versionsaffected
Mitsubishi ElectricMR-J4-TMall versionsaffected

Weaknesses

  • CWE-342: PREDICTABLE EXACT VALUE FROM PREVIOUS VALUES CWE-342

ADP Enrichment

CVE Program Container

Additional References

References