CVE-2021-20610

Q: What is the severity of CVE-2021-20610?

CVE-2021-20610 has a CVSS score of 7.5 (HIGH). This vulnerability in Mitsubishi Electric PLCs allows remote unauthenticated attackers to send specially crafted packets that cause a denial-of-service condition, requiring system reset for recovery. It affects multiple MELSEC iQ-R, Q, L series and MELIPC industrial control system products used in manufacturing and critical infrastructure.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in Mitsubishi Electric PLCs allows remote unauthenticated attackers to send specially crafted packets that cause a denial-of-service condition, requiring system reset for recovery. It affects multiple MELSEC iQ-R, Q, L series and MELIPC industrial control system products used in manufacturing and critical infrastructure.

💻 Affected Systems

Products:

MELSEC iQ-R Series R00/01/02CPU
MELSEC iQ-R Series R04/08/16/32/120(EN)CPU
MELSEC iQ-R Series R08/16/32/120SFCPU
MELSEC iQ-R Series R08/16/32/120PCPU
MELSEC iQ-R Series R08/16/32/120PSFCPU
MELSEC iQ-R Series R16/32/64MTCPU
MELSEC iQ-R Series R12CCPU-V
MELSEC Q Series Q03UDECPU
MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU
MELSEC Q Series Q03/04/06/13/26UDVCPU
MELSEC Q Series Q04/06/13/26UDPVCPU
MELSEC Q Series Q12DCCPU-V
MELSEC Q Series Q24DHCCPU-V(G)
MELSEC Q Series Q24/26DHCCPU-LS
MELSEC Q Series MR-MQ100
MELSEC Q Series Q172/173DCPU-S1
MELSEC Q Series Q172/173DSCPU
MELSEC Q Series Q170MCPU
MELSEC Q Series Q170MSCPU(-S1)
MELSEC L Series L02/06/26CPU(-P)
MELSEC L Series L26CPU-(P)BT
MELIPC Series MI5122-VW

Versions: All versions prior to firmware updates

Operating Systems: Embedded PLC firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects default configurations of these industrial control systems. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system shutdown requiring physical reset, disrupting industrial processes and potentially causing safety incidents or production losses.

🟠

Likely Case

Temporary denial-of-service affecting PLC operations until manual reset is performed.

🟢

If Mitigated

Limited impact if systems are isolated behind firewalls with strict network controls.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation possible from internet-facing systems.

🏢 Internal Only: MEDIUM - Internal attackers or malware could still exploit if network segmentation is weak.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending specially crafted packets but no authentication needed. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates specified in vendor advisory

Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf

Restart Required: Yes

Instructions:

1. Check specific product firmware version against vendor advisory. 2. Download appropriate firmware update from Mitsubishi Electric support portal. 3. Apply firmware update following manufacturer's procedures. 4. Restart affected PLCs.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate PLCs in separate network segments with strict firewall rules

Access Control Lists

all

Implement network ACLs to restrict access to PLC communication ports

🧯 If You Can't Patch

Implement strict network segmentation and firewall rules to block unauthorized access to PLCs
Monitor network traffic for anomalous packets and implement intrusion detection systems

🔍 How to Verify

Check if Vulnerable:

Check PLC firmware version against vendor advisory list of affected versions

Check Version:

Use Mitsubishi Electric programming software (GX Works3/GX Works2) to read PLC firmware version

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in vendor advisory

📡 Detection & Monitoring

Log Indicators:

PLC error logs showing communication failures
System reset events without clear cause

Network Indicators:

Anomalous packets to PLC communication ports (typically 5006/UDP, 5007/UDP)
Unexpected traffic patterns to industrial control systems

SIEM Query:

source="network_firewall" dest_port IN (5006,5007) AND protocol="UDP" AND packet_size>normal_threshold

📊 Metadata

CVE ID: CVE-2021-20610

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-130

Published: December 1, 2021

Last Updated: November 21, 2024

🔗 References

https://jvn.jp/vu/JVNVU94434051/index.html Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02 Third Party Advisory,US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf Vendor Advisory
https://jvn.jp/vu/JVNVU94434051/index.html Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02 Third Party Advisory,US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Melipc Mi5122 Vw Firmware by Mitsubishi

Melsec Iq R R00 Cpu Firmware by Mitsubishi

Melsec Iq R R01 Cpu Firmware by Mitsubishi

Melsec Iq R R02 Cpu Firmware by Mitsubishi

Melsec Iq R R04 Cpu Firmware by Mitsubishi

Melsec Iq R R04 Pcpu Firmware by Mitsubishi

Melsec Iq R R08 Cpu Firmware by Mitsubishi

Melsec Iq R R08 Cpu Firmware by Mitsubishi

Melsec Iq R R08 Pcpu Firmware by Mitsubishi

Melsec Iq R R08 Sfcpu Firmware by Mitsubishi

Melsec Iq R R12 Ccpu V Firmware by Mitsubishi

Melsec Iq R R120 Cpu Firmware by Mitsubishi

Melsec Iq R R120 Cpu Firmware by Mitsubishi

Melsec Iq R R120 Pcpu Firmware by Mitsubishi

Melsec Iq R R120 Sfcpu Firmware by Mitsubishi

Melsec Iq R R16 Cpu Firmware by Mitsubishi

Melsec Iq R R16 Cpu Firmware by Mitsubishi

Melsec Iq R R16 Mtcpu Firmware by Mitsubishi

Melsec Iq R R16 Pcpu Firmware by Mitsubishi

Melsec Iq R R16 Sfcpu Firmware by Mitsubishi

Melsec Iq R R32 Cpu Firmware by Mitsubishi

Melsec Iq R R32 Cpu Firmware by Mitsubishi

Melsec Iq R R32 Mtcpu Firmware by Mitsubishi

Melsec Iq R R32 Pcpu Firmware by Mitsubishi

Melsec Iq R R32 Sfcpu Firmware by Mitsubishi

Melsec Iq R R64 Mtcpu Firmware by Mitsubishi

Melsec L02cpu\( P\) Firmware by Mitsubishi

Melsec L06cpu\( P\) Firmware by Mitsubishi

Melsec L26cpu \(p\)bt Firmware by Mitsubishi

Melsec L26cpu\( P\) Firmware by Mitsubishi

Melsec Mr Mq100 Firmware by Mitsubishi

Melsec Q03udecpu Firmware by Mitsubishi

Melsec Q03udvcpu Firmware by Mitsubishi

Melsec Q04udecpu Firmware by Mitsubishi

Melsec Q04udpvcpu Firmware by Mitsubishi

Melsec Q04udvcpu Firmware by Mitsubishi

Melsec Q06udecpu Firmware by Mitsubishi

Melsec Q06udpvcpu Firmware by Mitsubishi

Melsec Q06udvcpu Firmware by Mitsubishi

Melsec Q100udecpu Firmware by Mitsubishi

Melsec Q10udecpu Firmware by Mitsubishi

Melsec Q12dccpu V Firmware by Mitsubishi

Melsec Q13udecpu Firmware by Mitsubishi

Melsec Q13udpvcpu Firmware by Mitsubishi

Melsec Q13udvcpu Firmware by Mitsubishi

Melsec Q170mcpu Firmware by Mitsubishi

Melsec Q170mscpu\( S1\) Firmware by Mitsubishi

Melsec Q172dcpu S1 Firmware by Mitsubishi

Melsec Q172dscpu Firmware by Mitsubishi

Melsec Q173dcpu S1 Firmware by Mitsubishi

Melsec Q173dscpu Firmware by Mitsubishi

Melsec Q20udecpu Firmware by Mitsubishi

Melsec Q24dhccpu Ls Firmware by Mitsubishi

Melsec Q24dhccpu V\(g\) Firmware by Mitsubishi

Melsec Q26dhccpu Ls Firmware by Mitsubishi

Melsec Q26udecpu Firmware by Mitsubishi

Melsec Q26udpvcpu Firmware by Mitsubishi

Melsec Q26udvcpu Firmware by Mitsubishi

Melsec Q50udecpu Firmware by Mitsubishi