CVE-2021-20587

Q: What is the severity of CVE-2021-20587?

CVE-2021-20587 has a CVSS score of 7.5 (HIGH). A heap-based buffer overflow vulnerability in multiple Mitsubishi Electric industrial automation software products allows remote unauthenticated attackers to cause denial-of-service or potentially execute arbitrary code by sending crafted reply packets that spoof legitimate industrial devices. This affects numerous configuration, monitoring, and engineering tools used with Mitsubishi PLCs, HMIs, and drives. Organizations using these industrial control system software products are at risk.

7.5 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability in multiple Mitsubishi Electric industrial automation software products allows remote unauthenticated attackers to cause denial-of-service or potentially execute arbitrary code by sending crafted reply packets that spoof legitimate industrial devices. This affects numerous configuration, monitoring, and engineering tools used with Mitsubishi PLCs, HMIs, and drives. Organizations using these industrial control system software products are at risk.

💻 Affected Systems

Products:

CPU Module Logging Configuration Tool
CW Configurator
Data Transfer
EZSocket
FR Configurator
FR Configurator SW3
FR Configurator2
GT Designer3 Version1(GOT1000)
GT Designer3 Version1(GOT2000)
GT SoftGOT1000 Version3
GT SoftGOT2000 Version1
GX Configurator-DP
GX Configurator-QP
GX Developer
GX Explorer
GX IEC Developer
GX LogViewer
GX RemoteService-I
GX Works2
GX Works3
iQ Monozukuri ANDON (Data Transfer)
iQ Monozukuri Process Remote Monitoring (Data Transfer)
M_CommDTM-HART
M_CommDTM-IO-Link
MELFA-Works
MELSEC WinCPU Setting Utility
MELSOFT EM Software Development Kit (EM Configurator)
MELSOFT Navigator
MH11 SettingTool Version2
MI Configurator
MT Works2
MX Component
Network Interface Board CC IE Control utility
Network Interface Board CC IE Field Utility
Network Interface Board CC-Link Ver.2 Utility
Network Interface Board MNETH utility
PX Developer
RT ToolBox2
RT ToolBox3
Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)
SLMP Data Collector

Versions: Various versions as specified in description, generally older versions before 2021 patches

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects software running on engineering workstations and PCs that communicate with Mitsubishi industrial devices. The vulnerability is triggered by receiving crafted network packets.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution on engineering workstations, potentially allowing attackers to compromise industrial control systems, manipulate processes, or establish persistence in OT networks.

🟠

Likely Case

Denial-of-service conditions on engineering software, disrupting configuration, monitoring, and maintenance activities for industrial equipment.

🟢

If Mitigated

Limited impact if software is isolated in air-gapped networks with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH - Software is vulnerable to remote unauthenticated attacks via network packets.

🏢 Internal Only: HIGH - Attackers on internal networks can exploit this without authentication.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting specific network packets to spoof legitimate industrial devices. While remote code execution is theoretically possible, it has not been reproduced according to the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Various updated versions for each product (see vendor advisory for specific version numbers)

Vendor Advisory: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-021_en.pdf

Restart Required: Yes

Instructions:

1. Identify affected Mitsubishi software products in your environment. 2. Visit the vendor advisory to determine patched versions for each product. 3. Download updated versions from Mitsubishi Electric's official website. 4. Install updates following vendor instructions. 5. Restart systems as required.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate engineering workstations and software in separate network segments with strict firewall rules to prevent unauthorized network access.

Disable Unnecessary Network Services

windows

Disable or restrict network services on engineering workstations that aren't required for operations.

🧯 If You Can't Patch

Implement strict network segmentation to isolate engineering workstations from untrusted networks.
Deploy host-based firewalls to restrict inbound network traffic to only necessary sources.

🔍 How to Verify

Check if Vulnerable:

Check installed versions of Mitsubishi software against the affected versions listed in the vendor advisory.

Check Version:

Check version through each software's Help > About menu or Windows Programs and Features.

Verify Fix Applied:

Verify that software versions have been updated to patched versions specified in the vendor advisory.

📡 Detection & Monitoring

Log Indicators:

Unexpected crashes or abnormal termination of Mitsubishi software
Unusual network traffic patterns to engineering workstations

Network Indicators:

Unusual SLMP (Seamless Message Protocol) or industrial protocol traffic to engineering stations
Network packets spoofing MELSEC, GOT, or FREQROL device addresses

SIEM Query:

source_ip IN (engineering_workstation_ips) AND (protocol:SLMP OR protocol:industrial) AND packet_size > normal_threshold

📊 Metadata

CVE ID: CVE-2021-20587

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-122

Published: February 19, 2021

Last Updated: June 13, 2025

🔗 References

https://jvn.jp/vu/JVNVU92330101
https://www.cisa.gov/news-events/ics-advisories/icsa-21-049-02
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-021_en.pdf
https://jvn.jp/vu/JVNVU92330101/index.html Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02 Third Party Advisory,US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

C Controller Module Setting And Monitoring Tool by Mitsubishielectric

Cpu Module Logging Configuration Tool by Mitsubishielectric

Cw Configurator by Mitsubishielectric

Data Transfer by Mitsubishielectric

Ezsocket by Mitsubishielectric

Fr Configurator by Mitsubishielectric

Fr Configurator Sw3 by Mitsubishielectric

Fr Configurator2 by Mitsubishielectric

Gt Designer3 by Mitsubishielectric

Gt Softgot1000 by Mitsubishielectric

Gt Softgot2000 by Mitsubishielectric

Gx Configurator Dp by Mitsubishielectric

Gx Configurator Qp by Mitsubishielectric

Gx Developer by Mitsubishielectric

Gx Explorer by Mitsubishielectric

Gx Iec Developer by Mitsubishielectric

Gx Logviewer by Mitsubishielectric

Gx Remoteservice I by Mitsubishielectric

Gx Works2 by Mitsubishielectric

Gx Works3 by Mitsubishielectric

Iq Monozukuri Andon by Mitsubishielectric

Iq Monozukuri Process Remote Monitoring by Mitsubishielectric

M Commdtm Hart by Mitsubishielectric

M Commdtm Io Link by Mitsubishielectric

Melfa Works by Mitsubishielectric

Melsec Wincpu Setting Utility by Mitsubishielectric

Melsoft Em Software Development Kit by Mitsubishielectric

Melsoft Navigator by Mitsubishielectric

Mh11 Settingtool Version2 by Mitsubishielectric

Mi Configurator by Mitsubishielectric

Mt Works2 by Mitsubishielectric

Mx Component by Mitsubishielectric

Network Interface Board Cc Ie Control Utility by Mitsubishielectric

Network Interface Board Cc Ie Field Utility by Mitsubishielectric

Network Interface Board Cc Link by Mitsubishielectric

Network Interface Board Mneth Utility by Mitsubishielectric

Px Developer by Mitsubishielectric

Rt Toolbox2 by Mitsubishielectric

Rt Toolbox3 by Mitsubishielectric

Setting\/monitoring Tools For The C Controller Module by Mitsubishielectric

Slmp Data Collector by Mitsubishielectric