CVE-2021-20591
📋 TL;DR
This vulnerability allows remote unauthenticated attackers to cause denial of service (DoS) on Mitsubishi Electric MELSEC iQ-R series CPU modules by exploiting improper connection handling. Attackers can prevent legitimate clients from connecting to the MELSOFT transmission port by not closing connections properly. All organizations using affected MELSEC iQ-R series CPU modules are vulnerable.
💻 Affected Systems
- Mitsubishi Electric MELSEC iQ-R series CPU modules
📦 What is this software?
R00cpu Firmware by Mitsubishielectric
R01cpu Firmware by Mitsubishielectric
R02cpu Firmware by Mitsubishielectric
R04cpu Firmware by Mitsubishielectric
R08cpu Firmware by Mitsubishielectric
R08pcpu Firmware by Mitsubishielectric
R08psfcpu Firmware by Mitsubishielectric
R08sfcpu Firmware by Mitsubishielectric
R120cpu Firmware by Mitsubishielectric
R120pcpu Firmware by Mitsubishielectric
R120psfcpu Firmware by Mitsubishielectric
R120sfcpu Firmware by Mitsubishielectric
R16cpu Firmware by Mitsubishielectric
R16pcpu Firmware by Mitsubishielectric
R16psfcpu Firmware by Mitsubishielectric
R16sfcpu Firmware by Mitsubishielectric
R32cpu Firmware by Mitsubishielectric
R32pcpu Firmware by Mitsubishielectric
R32psfcpu Firmware by Mitsubishielectric
R32sfcpu Firmware by Mitsubishielectric
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service preventing all legitimate connections to the MELSOFT transmission port, disrupting industrial control operations.
Likely Case
Partial or intermittent DoS affecting industrial control system availability and reliability.
If Mitigated
Minimal impact with proper network segmentation and monitoring in place.
🎯 Exploit Status
Exploitation requires only network access to TCP port 5006/5007 (the MELSOFT transmission port) and the ability to establish connections without closing them properly.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware updates available - specific versions depend on CPU model
Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-003_en.pdf
Restart Required: Yes
Instructions:
1. Download firmware update from Mitsubishi Electric website.
2. Backup current configuration.
3. Apply firmware update following vendor instructions.
4. Restart affected CPU modules.
5. Verify update completion.
🔧 Temporary Workarounds
Network Segmentation
Isolate MELSEC iQ-R systems from untrusted networks using firewalls.
Port Restriction
Restrict access to TCP ports 5006 and 5007 to trusted IP addresses only.
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to affected systems
- Deploy network monitoring and intrusion detection for abnormal connection patterns
🔍 How to Verify
Check if Vulnerable:
Check if you have affected MELSEC iQ-R CPU modules and verify firmware version against vendor advisory.
Check Version:
Use MELSOFT engineering software to check CPU module firmware version
Verify Fix Applied:
Verify firmware version has been updated to patched version specified in vendor advisory.
📡 Detection & Monitoring
Log Indicators:
- Unusually high number of TCP connections to port 5006/5007
- Connection timeouts or failures on MELSOFT transmission port
Network Indicators:
- Multiple incomplete TCP handshakes to port 5006/5007
- Sustained connections without data transfer
SIEM Query:
(destination_port:5006 OR destination_port:5007) AND (connection_count > threshold OR connection_duration > threshold)
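The network indicators above (incomplete handshakes and sustained connections without data transfer) can be checked offline against exported flow records. The following Python is an added example, not code from the vendor advisory or this page; the record layout, both thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import Counter

MELSOFT_PORTS = {5006, 5007}  # TCP ports this page names for MELSOFT transmission
MIN_IDLE_SECONDS = 300        # assumed: open this long with zero payload counts as idle
MAX_SUSPECT_PER_CLIENT = 4    # assumed alert threshold; tune per site

# Constructed sample flow records (not real traffic):
# ts src dst dport duration_s orig_bytes resp_bytes state
# state uses Zeek-style codes: SF = normal close, S1 = established and never closed,
# S0 = SYN seen with no reply
SAMPLE_FLOWS = """\
1000 10.0.10.20 10.0.20.5 5007 42.1 1834 9120 SF
1010 10.0.99.77 10.0.20.5 5007 900.0 0 0 S1
1011 10.0.99.77 10.0.20.5 5007 899.2 0 0 S1
1012 10.0.99.77 10.0.20.5 5007 898.7 0 0 S1
1013 10.0.99.77 10.0.20.5 5007 3.0 0 0 S0
1020 10.0.10.21 10.0.20.5 5006 410.5 0 0 S1
1030 10.0.99.77 10.0.20.5 443 950.0 0 0 S1
"""

def suspect_flows(log_text):
    """Count per (client, plc, port) flows that are half-open or idle and unclosed."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 8 or line.startswith("#"):
            continue  # skip blanks, comments and malformed rows
        _ts, src, dst, dport, dur, orig_b, resp_b, state = fields
        if int(dport) not in MELSOFT_PORTS:
            continue  # only the MELSOFT transmission ports are of interest
        no_payload = int(orig_b) == 0 and int(resp_b) == 0
        half_open = state == "S0"
        idle_unclosed = state == "S1" and no_payload and float(dur) >= MIN_IDLE_SECONDS
        if half_open or idle_unclosed:
            counts[(src, dst, int(dport))] += 1
    return counts

def alerts(log_text, threshold=MAX_SUSPECT_PER_CLIENT):
    """Return (client, plc, port) keys at or above the threshold, worst first."""
    hits = [(k, n) for k, n in suspect_flows(log_text).items() if n >= threshold]
    return sorted(hits, key=lambda kv: -kv[1])

if __name__ == "__main__":
    for (src, dst, port), n in alerts(SAMPLE_FLOWS):
        print(f"ALERT {src} -> {dst}:{port} holds {n} half-open/idle connections")
```

A single engineering workstation that leaves one session open stays below the threshold; only a client accumulating several unclosed, payload-free connections to the same CPU module is reported.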