Rewterz Threat Alert – Russian APT Gamaredon Using Template Injection
May 28, 2021Rewterz Threat Advisory – ICS: Siemens JT2Go and Teamcenter Visualization
May 28, 2021Rewterz Threat Alert – Russian APT Gamaredon Using Template Injection
May 28, 2021Rewterz Threat Advisory – ICS: Siemens JT2Go and Teamcenter Visualization
May 28, 2021Severity
Medium
Analysis Summary
CVE-2021-20591
The MELSEX iQ-R Series vulnerability allows an attacker to prevent legitimate clients from connecting to an affected product by manipulating the link parameter or changing its state. This is due to improper session management. However, if multiple MELSOFT transmission ports (TCP/IP) are open, the other ports are not affected. Sequence control is not affected by this vulnerability.
Impact
- Denial of Service
Affected Vendors
Mitsubishi Electric
Affected Products
- R00/01/02CPU: All versions
- R04/08/16/32/120(EN)CPU: All versions
- R08/16/32/120SFCPU: All versions
- R08/16/32/120PCPU: All versions
- R08/16/32/120PSFCPU: All versions
Remediation
Refer to vendor advisory for the complete list of affected products and their respective patches at https://us-cert.cisa.gov/ics/advisories/icsa-21-147-05