Factory Automation

FA Products SecurityVulnerability Information

Vulnerability status of Factory Automation Products

Please check here for the latest information on vulnerabilities in our Factory Automation products (Due to posting the link to ICSA information on FA site, there may be a time lag from the time of publication on the Melco's site.)
Mitsubishi Electric's Vulnerability Information open new window

Dispatch date of
Information
AFFECTED PRODUCTS Title / Detail Information Remarks
CVSS Score 3rd Party Advisory
release:2024/10/22 ・GENESIS64TM Version 10.97.3 and prior
・MC Works64 All versions
Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64TM and MC Works64PDF

7.8 To be updated
release:2024/10/17 ・M800V/M80V Series
・M800/M80/E80 Series
・C80 Series
・M700V/M70V/E70 Series
・Software Tools
Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC SeriesPDF

5.9 ICSA-24-291-03open new window
update: 2024/10/17
release:2024/07/02
・CVE-2023-2650 : GENESIS64TM Version 10.97.2
・CVE-2023-4807 : GENESIS64TM Version 10.97.2
・CVE-2024-1182 : GENESIS64TM all versions and MC Works64 all versions
・CVE-2024-1573 : GENESIS64TM Versions 10.97 to 10.97.2 and MC Works64 all versions
・CVE-2024-1574 : GENESIS64TM Versions 10.97 to 10.97.2 and MC Works64 all versions
Multiple Vulnerabilities in GENESIS64TM and MC Works64PDF

<Update history:October 17, 2024>
Added the Acknowledgement.

3.7-7.0 ICSA-24-184-03open new window
release:2024/10/01 FX5-OPC Denial-of-Service (DoS) Vulnerability due to OpenSSL Vulnerability in MELSEC iQ-F OPC UA UnitPDF

7.5 ICSA-24-275-02open new window
update: 2024/09/05
release:2022/12/22
MELSEC iQ-R, iQ-L Series and MELIPC Series Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC SeriesPDF

<Update history:September 5, 2024>
-Added module that has been fixed to "Affected products" and
"Countermeasures for Products".
-R08/16/32/120PSFCPU
Added annotation for L04/08/16/32HCPU in "Affected products".

<Update history:July 4, 2024>
-Revised description regarding the iQ-R series of "Countermeasures for Customers".
-Added description regarding the iQ-L series to "Countermeasures for Customers".
-Added module that has been fixed to "Countermeasures for Products".
L04/08/16/32HCPU

<Update history:May 30, 2024>
- "Countermeasures" devided into "Countermeasures for Customers" and "Countermeasures for Products".
- "Revised description regarding "Countermeasures for Customers".
- "Added module MI5122-VW that has been fixed to "Countermeasures for Products".

<Update history:December 12, 2023>
- "Added module R12CCPU-V that has been fixed to "Countermeasures".

<Update history:July 13, 2023>
- "Added modules R08/16/32/120SFCPU that have been fixed to "Countermeasures".

7.5 ICSA-22-356-03open new window
update: 2024/09/05
release:2020/10/29
MELSEC iQ-R, Q and L Series Denial-of-Service Vulnerability in Ethernet Port on CPU Module of MELSEC iQ-R, Q and L Series PDF

<Update history:September 5, 2024>
-Added Operating system version and serial number in "Overview".
-"Countermeasures" divided into "Countermeasures for
Customers" and"Countermeasures for Products".
-Corrected the firmware version of R 08/16/32/120 PCPU in
"Affected products" and "Countermeasures for Products".
-Added R08/16/32/10 PSFCPU in "Affected products" and
"Countermeasures for Products".
-Added annotation for MR-MQ100 in "Affected products".

<Update history:December 19, 2023>
Added the Acknowledgement.

<Update history:March 29, 2022>
Added the information of modules that have been fixed to "Affected products" and "Countermeasures".

<Update history:January 13, 2022>
Added modules that have been fixed to "Countermeasures".

<Update history:May 18, 2021>
Added R 08/16/32/120 PCPU that has been fixed to "Countermeasures".R 08/16/32/120 PSFCPU has been deleted from "Affected products".

7.5 ICSA-20-303-01 open new window
update: 2024/08/22
release:2020/10/08
MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series Ethernet Port PDF

<Update history:August 22, 2024>
・Deleted R08/16/32/120PFSCPU from "Affected products" and "Countermeasures".
・Added the "CVSS".
・"Countermeasures" divided into "Countermeasures for Customers" and "Countermeasures for Products".
・Added the operating system software version in the "Overview"
・Corrected the firmware versions to operating system software versions in the "Affected products" and "Countermeasures for Products".

<Update history:May 18, 2021>
Added affected product(R08/16/32/120PSFCPU). Added R16/32/64MTCPU that has been fixed to "Countermeasures".

<Update history:February 18, 2021>
Added modules that have been fixed to “Countermeasures”.

<Update history:October 26, 2020>
Added modules that have been fixed to “Countermeasures”.

8.6 ICSA-20-282-02 open new window
release:2024/07/18 MELSOFT MaiLab
・SW1DND-MAILAB-M
・SW1DND-MAILABPR-M
Denial-of-Service (DoS) Vulnerability due to OpenSSL Vulnerability in MELSOFT MaiLabPDF

5.9 ICSA-24-200-01open new window
release:2024/07/04 MELIPC Series MI5122-VW
Firmware versions "05" to "07"
Malicious Code Execution Vulnerability
in MELIPC Series MI5122-VWPDF

8.8 ICSA-24-191-02open new window
update: 2024/07/04
release:2023/09/19
GX Works3, all versions Malicious Code Execution Vulnerability in FA Engineering Software ProductsPDF

<Update history:July 4, 2024>
-Added Affected products.
AL-PCS/WIN-E, CPU Module Logging Configuration Tool, EZSocket, FR Configurator2, FX Configurator-EN, FX Configurator-EN-L, FX Configurator-FP, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GT SoftGOT1000 Version3, GT SoftGOT2000 Version1, GX LogViewer, GX Works2, MELSOFT FieldDeviceConfigurator, MELSOFT iQ AppPortal, MELSOFT MaiLab, MELSOFT Navigator, MELSOFT Update Manager, MX Component, MX Sheet, PX Developer, RT ToolBox3, RT VisualBox, Data Transfer, Data Transfer Classic
-"Overview", "Description", and "Mitigations / Workarounds" are updated along with the addition of Affected products.

9.3 ICSA-23-269-03open new window
update: 2024/06/21
release:2024/02/20
・Wire-cut EDM
  MV/MP/MX Series
・Sinker EDM
  SV-P/SG Series
Remote Code Execution Vulnerability due to Microsoft Message Queuing in Electrical Discharge MachinesPDF

<Update history:June 21, 2024>
(Note)English and CISA will not be updated because only Japanese will be updated at this time.

<Update history:April 23, 2024>
Added Special Modification Patch information to "Countermeasures".

9.8 ICSA-24-051-03open new window
update:2024/06/13
release:2024/03/14
MELSEC-Q Series
MELSEC-L Series
Information Disclosure and Remote Code Execution Vulnerabilities in MELSEC-Q/L Series CPU ModulePDF

<Update history:June 13, 2024>
-Add modules that have been fixed to "Countermeasures for Products".
Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU,
Q03/04/06/13/26UDVCPU, Q04/06/13/26UDPVCPU

<Update history:May 16, 2024>
-"Countermeasures" divided into "Countermeasures for Customers" and "Countermeasures for Products".
-Add modules that have been fixed to "Countermeasures for Products".
L02/06/26CPU(-P), L26CPU-(P)BT

9.8 ICSA-24-074-14open new window
update: 2024/06/13
release:2020/08/31
TCP Protocol Stack Impact of Impersonation Vulnerability in TCP Protocol Stack PDF

<Update history:June 13, 2024>
Updated <Mitigations /Workarounds> for the following products
[1] All products
[2] All products
[3] All products
[4] All products
[5] All products
[6] All products
[7] All products
Revised <Countermeasures> for the following products to <Countermeasures for Customers> or <Countermeasures for Products>
[1] NZ2FT-MT, NZ2FT-EIP, Q03UDECPU, Q24DHCCPU-V, Q24DHCCPU-VG, QnUDEHCPU(n=04/06/10/13/20/26/50/100),
QnUDVCPU(n=03/04/06/13/26), QnUDPVCPU(n=04/06/13/26), LnCPU(-P)(n=02/06/26), L26CPU-(P)BT,
RnSFCPU(n=08/16/32/120), RnPSFCPU(n=08/16/32/120), R12CCPU-V, RD55UP06-V, RD55UP12-V, Q06CCPU-V,
QJ71E71-100, LJ71E71-100, QJ71MT91, QJ71MES96, QJ71WS96, FX5-ENET, FX5-ENET/IP, FX5-CCLGN-MS,
FX3UENET-ADP, FX3U-ENET, FX3U-ENET-L, FX3U-ENET-P502, FX3GE-**M*/**
[2] IU1-1M20-D
[4] GOT1000 Series GT14 Model
[5] FR-A800-E Series, FR-F800-E Series, FR-A8NCG, FR-E800-EPA Series, FR-E800-EPB Series
[6] Conveyor Tracking Application APR-nTR3FH, APR-nTR6FH, APR-nTR12FH, APR-nTR20FH(n=1/2)
[7] MR-J4-TM, MR-JE-C

<Update history:June 29, 2023>
Added fixed products([1], [2], [4], [6]and [7])

<Update history:September 22, 2022>
Added fixed product as below
[3] LE7-40GU-L

<Update history:May 24, 2022>
Added fixed products([1]and [4])

<Update history:August 24, 2021>
Added fixed products([1])

<Update history:May 18, 2021>
Added fixed products([1]and [4])

<Update history:February 18, 2021>
Add version information and/or fixed products([8]and [11])

<Update history:January 26, 2021>
Added information regarding fixed products([1] and [5])

<Update history:September 24, 2020>
Add affected products ([8] - [11])

7.3 ICSA-20-245-01 open new window
release:2024/06/04 CC-Link IE TSN Industrial Managed Switch
・NZ2MHG-TSNT8F2
・NZ2MHG-TSNT4
Denial-of-Service (DoS) Vulnerability due to OpenSSL Vulnerability in CC-Link IE TSN Industrial Managed SwitchPDF

2.7 ICSA-24-158-03open new window
update: 2024/06/04
release:2023/10/05
CC-Link IE TSN Industrial Managed Switch
・NZ2MHG-TSNT8F2
・NZ2MHG-TSNT4
Information Disclosure Vulnerability and Denial-of-Service (DoS) Vulnerability due to OpenSSL Vulnerabilities in CC-Link IE TSN Industrial Managed SwitchPDF

<Update history:June 4, 2024>
- " Added the affected firmware version and [How to check the version in use] to "Affected products".
- "Added the fixed firmware version and [Update steps] to "Countermeasures".

5.9-6.5 ICSA-23-278-03open new window
update: 2024/05/30
release:2022/06/14
MELSEC iQ-R, Q and L Series
MELIPC Series
Denial-of-Service Vulnerability in Ethernet Port of MELSEC and MELIPC SeriesPDF

<Update history:May 30, 2024>
- "Countermeasures" devided into "Countermeasures for Customers" and "Countermeasures for Products".
- "Revised description regarding "Countermeasures for Customers"

<Update history:July 27, 2023>
- "Added modules that have been fixed to "Countermeasures".
Q12DCCPU-V, Q24DHCCPU-V (G), Q24/26DHCCPU-LS

<Update history:August 16, 2022>
- "The title has been changed due to the addition of affected products.
- "Added modules(R12CCPU-V, Q12DCCPU-V, Q24DHCCPU-V (G), Q24/26DHCCPU-LS, MI5122-VW) to "Affected products".
- "Added modules(R12CCPU-V, Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU, MI5122-VW) that have been fixed to "Countermeasures".

7.5 ICSA-22-172-01 open new window
update:2024/05/16
release:2024/02/13
・MELSEC iQ-R Series Safety CPUR08/16/32/120SFCPU all versions
・MELSEC iQ-R Series SIL2 Process CPUR08/16/32/120PSFCPU all versions
Information Disclosure Vulnerability in
MELSEC iQ-R Series Safety CPU and SIL2 Process CPU ModulePDF

<Update history:May 16, 2024>
-Changed from "Countermeasures" to "Countermeasures for Customers" and added countermeasures for customers.
-Added modules that have been fixed to "Workarounds".
R08/16/32/120PSFCPU

6.5 ICSA-24-044-01open new window
release:2024/05/14 GX Work3 Multiple Vulnerabilities due to Vulnerabilities in Jungo's WinDriver in Multiple FA Engineering Software ProductsPDF

4.4-6.0 ICSA-24-135-04open new window
update:2024/04/25
release:2023/06/01
MELSEC iQ-R Series EtherNet/IP module
RJ71EIP91 EtherNet/IP configuration tool
MELSEC iQ-F Series EtherNet/IP module
FX5-ENET/IP EtherNet/IP configuration tool
Multiple Vulnerabilities in MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration toolPDF

<Update history:April 25, 2024>
-"Countermeasures" were divided into "Countermeasures for Customers" and "Countermeasures for Products"
-Added modules that have been fixed to "Countermeasures for Products".
SW1DNN-EIPCT-BD
-"Mitigations/Workarounds" were divided into descriptions for each affected product, and added following product version information in the "Mitigations and Workarounds".
RJ71EIP91 firmware version "06" or later

6.2-7.5 ICSA-23-157-02open new window
update:2024/04/25
release:2023/05/23
MELSEC iQ-F Series
MELSEC iQ-R Series
Denial-of-Service and Malicious Code Execution Vulnerability in MELSEC Series CPU modulePDF

<Update history:April 25, 2024>
Revised description regarding “Countermeasures”

<Update history:March 14, 2024>
Added modules that have been fixed to “Countermeasures”.
R08/16/32/120SFCPU

<Update history:September 12, 2023>
Added modules that have been fixed to “Countermeasures”.
R08/16/32/120PCPU

<Update history:July 6, 2023>
Added modules to “Affected products”.
R00/01/02CPU, R04/08/16/32/120(EN)CPU, R08/16/32/120SFCPU, R08/16/32/120PCPU
Added modules that have been fixed to “Countermeasures”.
R00/01/02CPU, R04/08/16/32/120(EN)CP

10 ICSA-23-143-03open new window
update: 2024/04/18
release:2021/12/16
MELSEC Series Multiple Denial of Service (DoS) Vulnerabilities in TCP/IP Protocol Stack of MELSEC Series Remote I/O PDF

<Update history:April 18, 2024>
Changed the description of countermeasures.

7.5 ICSA-21-217-01 open new window
update: 2024/04/18
release:2021/08/06
MELSEC iQ-R Series Authorization Bypass vulnerability in MELSEC iQ-R Series Safety CPU/SIL2 Process CPU Module PDF

<Update history:April 18, 2024>
Title changed.
Added a firmware version verification method.
“Countermeasures” devided into “Countermeasures for Customers“ and "Countermeasures for Products".
Added modules that have been fixed to “Countermeasures for Products”.
R08/16/32/120PSFCPU

<Update history:October 13, 2022>
・Added modules that have been fixed to “Countermeasures”.
R08/16/32/120SFCPU
・Vulnerability Type (CWE) was changed to Cleartext transmission of sensitive information (CWE-319)

<Update history:October 13, 2021>
・Correction of clerical errors.

<Update history:October 12, 2021>
・Added CVE ID and CVSS score.
・Modified part of descriptions of “Overview”, “Description”, “Impact” and “Countermeasures”.

9.1 ICSA-21-287-03 open new window
update: 2024/04/18
release:2021/08/05
MELSEC iQ-R Series Information disclosure vulnerability in MELSEC iQ-R Series CPU Module PDF

<Update history:April 18, 2024>
Added a firmware version verification method.
“Countermeasures” devided into “Countermeasures for Customers“ and "Countermeasures for Products".
Added modules that have been fixed to “Countermeasures for Products”.
R08/16/32/120PSFCPU

<Update history:October 13, 2022>
Added modules that have been fixed to “Countermeasures”.R08/16/32/120SFCPU

5.9 ICSA-21-250-01 open new window
update: 2024/04/18
release:2021/08/05
MELSEC iQ-R Series Unauthorized login vulnerability in MELSEC iQ-R Series CPU Module PDF

<Update history:April 18, 2024>
Added a firmware version verification method.
“Countermeasures” devided into “Countermeasures for Customers“ and "Countermeasures for Products".
Added modules that have been fixed to “Countermeasures for Products”.
R08/16/32/120PSFCPU

<Update history:October 13, 2022>
Added modules that have been fixed to “Countermeasures”.R08/16/32/120SFCPU

7.4 ICSA-21-250-01 open new window
release:2024/02/27 MELSEC iQ-F Series Denial-of-Service Vulnerability in Ethernet function of multiple FA productsPDF

5.3 ICSA-24-058-01open new window
update:2024/02/15
release:2023/11/02
MELSEC iQ-F Series F Denial-of-Service(DoS) Vulnerability in Web server function on MELSEC Series CPU modulePDF

<Update history:February 15, 2024>
- The following series have been added to the affected products.
MELSEC iQ-R Series
- The "Overview", "Affected products", "Description", and "Mitigation/Workarounds" have been revised.

5.3 ICSA-23-306-02open new window
release:2024/01/30 ・EZSocket 3.0 and later
・FR Configurator2 All versions
・GT Designer3 Version1(GOT1000) All versions
・GT Designer3 Version1(GOT2000) All versions
・GX Works2 1.11M and later
・GX Works3 All versions
・MELSOFT Navigator 1.04E and later
・MT Works2 All versions
・MX Component 4.00A and later
・MX OPC Server DA/UA (Software packaged with MC Works64) All versions
Authentication Bypass Vulnerability and Remote Code Execution Vulnerability in Multiple FA Engineering Software ProductsPDF

7.5-9.8 ICSA-24-030-02open new window
release:2024/01/30 MELSEC WS Series Authentication Bypass Vulnerability in MELSEC WS Series Ethernet Interface ModulePDF

5.9 ICSA-24-030-03open new window
update: 2024/01/30
release:2023/07/27
M800V/M80V Series
M800/M80/E80 Series
C80
M700V/M70V/E70 Series
IoT Unit
Denial of Service (DoS) and Malicious Code Execution Vulnerability in MITSUBISHI CNC SeriesPDF

<Update history:January 30, 2024>
Added C80 as a product that has been fixed to "Countermeasures".

<Update history:December 5, 2023>
Added products that have been fixed to "Countermeasures". Remote Service Gateway Unit

<Update history:November 21, 2023>
Added products that have been fixed to "Countermeasures".
M800VW, M800VS, M80V, M80VW, M750VW, M730VW/M720VW, M750VS, M730VS/M720VS, M70V, E70

<Update history:October 31, 2023>
Corrected Product and System Number of “Affected products”.
Corrected System Number of M730VS
Deleted M750VS 15-type and M730VS/M720VS 15-type
Added products that have been fixed to "Countermeasures".
M800W, M800S, M80, M80W, E80

<Update history:August 3, 2023>
Corrected "Product" and "System Number" of “Affected products” for M730VW/M720VW and M720VS. Added M750VW, M750VS, added M730VS, M750VS 15-type and M730VS/M720VS 15-type to the list “Affected products”.

9.8 ICSA-23-208-03open new window
release:2023/12/21 GT SoftGOT2000
OPC UA data collector
MX OPC Server UA
(Software packaged with
MC Works64)
OPC UA server unit
FX5-OPC
Multiple Vulnerabilities due to OpenSSL Vulnerabilities in multiple FA productsPDF

5.9-7.5 icsa-24-004-02open new window
update: 2023/12/12
release:2022/11/24
GX Works3, MX OPC UA Module Configurator-R Multiple Vulnerabilities in Multiple FA Engineering SoftwarePDF

<Update history:December 12, 2023>
- GX Works2 and GX Developer, those are not planned to be fixed, have been added to “Countermeasures”

<Update history:June 29, 2023>
The affected versions of following products have been modified in “Affected products”.
GX Works3, MX OPC UA Module Configurator-R
Countermeasure information for GX Works3 has been added to “Countermeasures”.
MX OPC UA Module Configurator-R has been added to “Countermeasures”.

<Update history:May 30, 2023>
GX Works2, GX Developer, GT Designer3 Version1 (GOT2000)
Motion Control Setting have been added to "Affected products",
"Overview" and " Impact" have been revised, overview of each vulnerability have been added to the “Description”, and fixed products have been added to “Countermeasures”.

3.7-9.1 ICSA-22-333-05open new window
release:2023/12/07 MELIPC Series
MELSEC iQ-R Series
MELSEC Q Series
Multiple Vulnerabilities in Multiple FA Engineering SoftwarePDF

2.5-5.3 ICSA-23-341-01open new window
release:2023/11/30 GX Works3 All versions
MELSOFT iQ AppPortal All versions
MELSOFT Navigator All versions
Motion Control Setting (*1) All versions
Malicious Code Execution Vulnerability in Multiple FA Engineering Software ProductsPDF

7.8 ICSA-23-334-04open new window
release:2023/11/21 GX Works2, all versions Denial-of-Service (DoS) Vulnerabilities in simulation function of GX Works2PDF

2.9 ICSA-23-331-03open new window
update: 2023/11/16
release:2022/12/13
GENESIS64TM : Version 10.97 to 10.97.2 Information Tampering Vulnerability in the project management function of GENESIS64TMPDF

<Update history:November 16, 2023>
Up dated the release status of the security patch for GENESIS64 TM Version 10.9 7.1

<Update history:August 3, 2023>
Updated the release status of the security patch for GENESIS64TM Version 10.97

<Update history:February 9, 2023>
Updated the release status of the security patch for GENESIS64TM Version 10.97.2, Version 10.97.1, Version 10.97

<Update history:December 27, 2022>
Updated the release status of the security patch for GENESIS64TM Version 10.97.2

6.3 ICSA-22-347-01open new window
update: 2023/11/09
release:2021/11/30
MELSEC and MELIPC Series Multiple Denial-of-Service Vulnerabilities in Ethernet port of MELSEC and MELIPC Series PDF

<Update history:November 9, 2023>
Added modules that have been fixed to “Countermeasures”.
Q172/173DSCPU, Q170MSCPU(-S1)

<Update history:April 24, 2023>
Corrected affected and fixed versions.
R08/16/32/120SFCPU

<Update history:November 24, 2022>
Added modules that have been fixed to “Countermeasures”.
R08/16/32/120SFCPU

<Update history:July 26, 2022>
Added modules that have been fixed to “Countermeasures”.
R12CCPU-V, MI5122-VW

<Update history:May 31, 2022>
Added modules that have been fixed to “Countermeasures”.
R08/16/32/120PSFCPU, R16/32/64MTCPU

<Update history:April 26, 2022>
Added modules that have been fixed to “Countermeasures”.
Q12DCCPU-V, Q24DHCCPU-V(G), Q24/26DHCCPU-LS, MR-MQ100, Q172/173DCPU-S1, Q170MCPU

<Update history:January 27, 2022>
Added modules that have been fixed to “Countermeasures”.
Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU, L02/06/26CPU(-P), L26CPU-(P)BT Corrected product model name of “Affected products”
Q172/173DSCPU

7.5 ICSA-21-334-02 open new window
release:2023/11/02 MELSEC-F series
MELSEC iQ-F series
Denial-of-Service(DoS) Vulnerability in MELSEC SeriesPDF

9.1 ICSA-23-306-03open new window
release:2023/10/12 MELSEC-F series Information Disclosure, Information Tampering and Authentication
Bypass Vulnerability in MELSEC-F Series main modulePDF

9.1 ICSA-23-285-13open new window
update: 2023/08/30
release:2023/03/07
GENESIS64 Version 10.97.2 Multiple Denial-of-Service (DoS) Vulnerabilities in the BACnet® secure connect function of GENESIS64TMPDF

<Update history:August 30, 2023>
Added information of Remote Code Execution vulnerability (CVE-2022-3602) due to Buffer Copy without Checking Size of Input (CWE-120). Also changed the title of this advisory.

5.9 VU#794340open new window
update: 2023/08/22
release:2023/05/18
MELSEC WS Series Authentication Bypass Vulnerability in MELSEC WS Series Ethernet Interface ModulePDF

<Update history:August 22, 2023>
Added a serial number that have been fixed to “Countermeasures”

7.5 ICSA-23-138-02open new window
release:2023/08/17 GENESIS64TM Version 10.97.2 Multiple Vulnerabilities due to OpenSSL Vulnerabilities in the BACnet® secure connect function of GENESIS64TMPDF

4.4-5.9 ​​ICSA-23-229-01open new window
release:2023/08/03 GT Designer3, GOT2000 Series, GOT SIMPLE Series and GT SoftGOT2000 Information Disclosure Vulnerability in Data Transfer Security Function on GT Designer3, GOT2000 Series, GOT SIMPLE Series and GT SoftGOT2000PDF

7.5 ICSA-23-215-02open new window
release:2023/08/03 GOT2000 Series and GOT SIMPLE Series Denial-of-Service (DoS) and Spoofing Vulnerability in FTP Server Function on GOT2000 Series and GOT SIMPLE SeriesPDF

5.9 ICSA-23-215-01open new window
update: 2023/08/03
release:2022/07/19
GENESIS64TM and MC Works64 Multiple Vulnerabilities in GENESIS64TM and MC Works64PDF

<Update history:August 3, 2023>
Added the security patch information for GENESIS64TM Version 10.97 in “Countermeasures”

<Update history:February 9, 2023>
Updated the release date of security patches for GENESIS64TM Version 10.97, MC Works64 Version 4.04E and MC Works64 Edge-computing Edition Version 4.04E

<Update history:December 15, 2022>
Updated the release date of security patches for GENESIS64TM Version 10.97, MC Works64 Version 4.04E and MC Works64 Edge-computing Edition Version 4.04E

<Update history:September 30, 2022>
Updated the release date of security patches for GENESIS64TM Version 10.97, MC Works64 Version 4.04E and MC Works64 Edge-computing Edition Version 4.04E

<Update history:August 30, 2022>
Added the security patch information for GENESIS64TM Version 10.97.1 in “Countermeasures”

7.5-9.8 ICSA-22-202-04 open new window
release:2023/06/29 MELSEC-F series Authentication Bypass Vulnerability in MELSEC-F Series main modulePDF

7.5 ICSA-23-180-04open new window
update: 2023/06/20
release:2023/03/02
MELSEC iQ-F Series
MELSEC iQ-R Series
MELSEC-Q Series
MELSEC-L Series
Information Disclosure Vulnerability in MELSEC SeriesPDF

<Update history:June 20, 2023>
Added modules to “Affected products”.
[MELSEC iQ-R Series]
R00/01/02CPU, R04/08/16/32/120(EN)CPU, R08/16/32/120SFCPU,
R08/16/32/120PCPU, R08/16/32/120PSFCPU, RJ71EN71, R12CCPU-V
[MELSEC-Q Series]
Q03UDECPU, Q04/06/10/13/20/26/50/100UEDHCPU,
Q03/04/06/13/26UDVCPU, Q04/06/13/26UDPVCPU, QJ71E71-100
[MELSEC-L Series]
L02/06/26CPU(-P), L26CPU-(P)BT, LJ71E71-100

7.5 ICSA-23-061-01open new window
release:2023/04/27 MELIPC, MELSEC iQ-R and MELSEC Q Series Multiple vulnerabilities due to Intel products in multiple FA products(April 2023)PDF

8.8 ICSA-23-122-01open new window
update: 2023/04/18
release:2023/01/17
MELSEC iQ-F/MELSEC iQ-R Series Authorization Bypass Vulnerability in WEB Server Function on MELSECPDF

<Update history:April 18, 2023>
Added modules that have been fixed to “Countermeasures”.R00/01/02CPU, R04/08/16/32/120(EN)CPU

<Update history:February 28, 2023>
Removed annotation of FX5S CPU module from "Affected products" and "Countermeasures".

<Update history:January 26, 2023>
Added modules(FX5UJ, FX5UJ-A, FX5S CPU module) to “Affected products”.
Added modules(FX5UJ, FX5UJ-A, FX5S CPU module) that have been fixed to “Countermeasures”.
Modified "authorization" to "authentication" in title, "Overview" and "Description"

5.9 ICSA-23-017-02open new window
update: 2023/04/11
release:2020/07/30
FA Engineering Software Products Malicious Code Execution Vulnerability in Multiple FA Engineering Software Products PDF

<Update history:April 11, 2023>
Added recommended actions for FR Configurator SW3, GT Designer2 Classic and MELSEC WinCPU Setting Utility to “Countermeasures"

<Update history:March 2, 2023>
Added Position Board utility 2 that has been fixed to “Countermeasures".

<Update history:November 17, 2022>
Added C Controller Interface Module utility and MELSOFT EM Software Development Kit that have been fixed to “Countermeasures".

<Update history:July 28, 2022>
Added MI Configurator, Setting/monitoring tools for the C Controller module (SW3PVC-CCPU) and Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) that have been fixed to “Countermeasures".

<Update history:May 24, 2022>
Added FR Configurator2, M_CommDTM-IO-Link, Network Interface Board CC IE Control Utility, Network Interface Board CC IE Field Utility, Network Interface Board CC-Link Ver.2 Utility and Network Interface Board MNETH Utility that have been fixed to “Countermeasures".

<Update history:February 8, 2022>
Added CC-Link IE Control Network Data Collector, CC-Link IE Field Network Data Collector, CC-Link IE TSN Data Collector, MR Configurator2, MT Works2, MTConnect Data Collector and SLMP Data Collector that have been fixed to “Countermeasures".

<Update history:November 16, 2021>
Added MELFA-Works, RT ToolBox2 and RT ToolBox3 that have been fixed to “Countermeasures". Added CC-Link IE TSN Data Collector to “Affected Products”

<Update history:July 27, 2021>
Added GX Works2, MELSOFT Complete Clean Up Tool and MELSOFT Navigator that have been fixed to “Countermeasures".

<Update history:May 27, 2021>
Added EZSocket and PX Developer that have been fixed to “Countermeasures".

<Update history:January 14, 2021>
Added MELSOFT iQ AppPortal, MX Component and MX Sheet that have been fixed to “Countermeasures".

<Update history:November 5, 2020>
Added Data Transfer, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GT SoftGOT1000 Version3, GT SoftGOT2000 Version1, MX MESInterface, and MX MESInterface-R that have been fixed to “Countermeasures".

8.3 ICSA-20-212-04 open new window
update: 2023/02/28
release:2022/05/17
MELSEC iQ-F Series Multiple Denial-of-Service Vulnerabilities in MELSEC iQ-F Series CPU module PDF

<Update history:February 28 ,2023>
Removed annotation of FX5S CPU module from "Affected products" and "Countermeasures"

<Update history:May 31, 2022>
Added the information of modules that have been fixed to "Affected products" and "Countermeasures"

5.3-8.6 ICSA-22-139-01 open new window
release:2023/02/21 MELSOFT iQ AppPortal HTTP Request Smuggling Vulnerability and IP Address Authentication Bypass Vulnerability in MELSOFT iQ AppPortalPDF

9.8 ICSA-23-052-01open new window
release:2023/02/02 GOT2000 Series and GT SoftGOT2000 Leading users to unintended operation Vulnerability and Information Disclosure and Spoofing Vulnerability in GOT Mobile Function on GOT2000 Series and GT SoftGOT2000PDF

6.1-6.8 ICSA-23-033-02open new window
update: 2023/01/31
release:2022/08/02
FA Products Denial-of-Service (DoS) Vulnerability and Arbitrary Command Execution Vulnerability due to OpenSSL Vulnerabilities in Multiple FA Products PDF

<Update history:January 31, 2023>
Added the fixed firmware version and update steps of RD81OPC96 to “Countermeasures”

<Update history:November 1, 2022>
Added the fixed firmware version and update steps of NZ2MHG-TSNT8F2 and NZ2MHG-TSNT4 to “Countermeasures”.

<Update history:August 30, 2022>
Added NZ2MHG-TSNT4 to “Affected products”, “Countermeasures” and “Mitigations”

<Update history:August 18, 2022>
Added NZ2MHG-TSNT8F2 and RD81OPC96 to “Affected products”, “Countermeasures” and “Mitigations”.

7.5-9.8 ICSA-22-221-01 open new window
release:2023/01/26 MELFA SD/SQ series and F-series Authentication Bypass Vulnerability in Robot Controller of MELFA SD/SQ series and F-seriesPDF

7.5 ICSA-23-026-05open new window
release:2022/11/29 MELSEC iQ-R Series RJ71EN71, R04/08/16/32/120ENCPU(Network Part) Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface ModulePDF

8.6 ICSA-22-335-01open new window
release:2022/11/24 GOT2000 Series GT27 mode,GT25 mode, GT23 mode Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 SeriesPDF

5.3 ICSA-22-333-01open new window
update: 2022/11/17
release:2021/02/18
FA Engineering Software Products Multiple Denial-of-Service Vulnerabilities in Multiple FA Engineering Software Products PDF

<Update history:November 17, 2022>
Added fixed product as below
MELSOFT EM Software Development Kit (EM Configurator)

<Update history:July 28, 2022>
Added fixed products as below
EZSocket, MI Configurator, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)Setting/monitoring tools for the C Controller module (SW3PVC-CCPU) has been removed from “Affected Products

<Update history:May 24, 2022>
Added fixed products as below
M_CommDTM-IO-Link, Network Interface Board CC IE Control Utility, Network Interface Board CC IE Field Utility,Network Interface Board CC-Link Ver.2 Utility, Network Interface Board MNETH Utility

<Update history:February 8, 2022>
Added fixed products as below
MT Works2, MX Component, SLMP Data Collector

<Update history:November 16, 2021>
Added fixed products as below
MELFA-Works, MH11 SettingTool Version2, RT ToolBox2

<Update history:July 27, 2021>
Added fixed products as below
GX Developer, MELSOFT Navigator

<Update history:May 27, 2021>
Added fixed and affected products

7.5 ICSA-21-049-02 open new window
release:2022/11/15 GT SoftGOT2000 Arbitrary Command Execution Vulnerability due to OpenSSL Vulnerability in GT SoftGOT2000PDF

9.8 ICSA-22-319-01open new window
update: 2022/09/22
release:2020/07/30
FA Engineering Software Products Vulnerability due to Improper File Access Control in Multiple FA Engineering Software Products PDF

<Update history:September 22, 2022>
Added countermeasure for MELSEC WinCPU Setting Utility to “Countermeasures”.

<Update history:July 28, 2022>
Added MI Configurator, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) that have been fixed to “Countermeasures”.
Setting/monitoring tools for the C Controller module (SW3PVC-CCPU) has been removed from “Affected Products”

<Update history:May 24, 2022>
Added M_CommDTM-IO-Link, Network Interface Board CC IE Control Utility, Network Interface Board CC IE Field Utility, Network Interface Board CC-Link Ver.2 Utility and Network Interface Board MNETH utility that have been fixed to “Countermeasures”.

<Update history:December 17, 2020>
Added GT SoftGOT1000 Version3 that have been fixed to “Countermeasures”.

8.3 ICSA-20-212-02 open new window
update: 2022/07/28
release:2021/12/16
FA Engineering Software Multiple Denial-of-Service Vulnerabilities in Multiple FA Engineering Software PDF

<Update history:July 28, 2022>
Added EZSocket as a fixed product.

<Update history:June 30, 2022>
Added MELSOFT Navigator as a fixed product.

5.5 ICSA-21-350-05 open new window
update: 2022/07/28
release:2020/07/30
FA Products Malicious Code Execution Vulnerability in Multiple FA Products PDF

<Update history:July 28, 2022>
Added MI Configurator that has been fixed to “Countermeasures"

<Update history:May 27, 2022>
Added MELSEC iQ-R Series Motion Module that has been fixed to “Countermeasures".

<Update history:January 14, 2021>
Added MELSOFT iQ AppPortal, MELSOFT Navigator, MR Configurator2 and MX Component that have been fixed to “Countermeasures".

8.3 ICSA-20-212-03 open new window
update: 2022/07/07
release:2021/10/27
MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series C Controller Module PDF

<Update history:July 7, 2022>
・Updated the details of “Countermeasures”

<Update history:October 28, 2021>
・Modified part of descriptions of “Impact”.
・Correction of clerical errors.

6.8 ICSA-21-280-04 open new window
release:2022/06/02 MELSEC-Q/L Series and MELSEC iQ-R Series Denial of Service(DoS) and Remote Code Execution Vulnerability in MELSEC-Q/L Series Ethernet Interface Module and MELSEC iQ-R Series MES Interface Module PDF

8.1 ICSA-22-165-03 open new window
update: 2022/05/31
release:2022/03/31
iQ-F Series Authentication Bypass, Information Disclosure and Information Tampering Vulnerabilities in Multiple FA Products PDF

<Update history:May 31, 2022>
Added MELSEC iQ-R/Q/L series to “Affected products”.
Added MELSEC iQ-R/Q/L series product manual information to “Mitigations/Workarounds”.

5.9-7.4 ICSA-22-090-04 open new window
release:2022/05/12 MELSOFT iQ AppPortal Multiple vulnerabilities in MELSOFT iQ AppPortal PDF

5.5-9.8 ICSA-22-132-02 open new window
release:2022/05/10 MELSOFT GT OPC UA Client Information Disclosure and Denial-of-Service (DoS) Vulnerabilities due to OpenSSL vulnerabilities on MELSOFT GT OPC UA Client PDF

7.4-7.5 ICSA-22-130-06 open new window
update: 2022/05/10
release:2021/09/02
GOT Multiple vulnerabilities in Wireless Communication Standards IEEE 802.11 (Frag Attacks) PDF

<Update history:May 10, 2022>
Add fixed products as below
[4] [Wireless LAN communication unit for GOT]

<Update history:March 22, 2022>
Added "[4] [Wireless LAN communication unit for GOT]" to affected products.

2.6-7.5 ICSA-22-102-04 open new window
release:2022/04/07 MELSEC-Q Series Denial of Service(DoS) and Malicious Code Execution Vulnerability in DHCP client function on MELSEC-Q Series C Controller Module PDF

9.0 ICSA-22-102-02 open new window
update: 2022/04/07
release:2021/09/06
[Withdraw]Multiple Denial of Service (DoS) Vulnerabilities in TCP/IP Protocol Stack of GOT and Tension Controller

<Update history:April 7, 2022>
This advisory was withdrawn because these issues are not vulnerabilities.

<Update history:October 5, 2021>
Added information to “Overview”, “CVSS”, “Description” and “Countermeasures”.

ICSA-21-278-01 open new window
release:2022/03/29 CC-Link IE TSN Configurator Impact of multiple vulnerabilities in Apache Log4j (Log4shell) PDF

5.9-10.0 Apache Log4j Vulnerability Guidance open new window
release:2022/02/15 Energy Saving Data Collecting Server (EcoWebServerIII) Multiple Vulnerabilities in web functions of Energy Saving Data Collecting Server (EcoWebServerIII) PDF

6.1
7.5
-
release:2022/01/20 GENESIS64 and MC Works64 Denial of Service (DoS) Vulnerability in database server of GENESIS64 and MC Works64 PDF

5.9 ICSA-22-020-01 open new window
release:2022/01/20 GENESIS64 and MC Works64 Information Disclosure Vulnerability in GENESIS64 and MC Works64 PDF

7.7 ICSA-22-020-01 open new window
release:2022/01/20 GENESIS64 and MC Works64 Authentication Bypass Vulnerability in Web communication function on GENESIS64 and MC Works64 PDF

9.8 ICSA-22-020-01 open new window
release:2022/01/20 MC Works64 Information Disclosure Vulnerability in MC Works64 mobile monitoring PDF

4.2 ICSA-22-020-01 open new window
update: 2022/01/20
release:2021/05/11
GOT and Tension Controller Denial-of-Service (DoS) Vulnerability in MODBUS/TCP slave communication function on GOT and Tension Controller PDF

<Update history:January 20, 2022>
For Tension Controller, added “Update procedure” and “Fixed Versions” to “Countermeasures”.

5.9 ICSA-21-131-02 open new window
update: 2022/01/20
release:2020/12/03
GOT and Tension Controller Denial-of-Service Vulnerability in TCP/IP Stack of GOT and Tension Controller PDF

<Update history:January 20, 2022>
For Tension Controller, added “How to check the versions in use” to “Affected products and version”. For Tension Controller, added “Update procedure” and “Fixed Versions” to “Countermeasures”.

<Update history:May 11, 2021>
Added “How to check the versions in use” to “Affected products and version” Added “Update procedure” and “Fixed Versions” to “Countermeasures”.

7.5 ICSA-20-343-02 open new window
release:2022/01/13 MELSEC-F Series Denial of Service (DoS) Vulnerability in MELSEC-F Series Ethernet interface block PDF

7.5 ICSA-22-013-01 open new window
ICSA-22-013-07 open new window
release:2022/01/13 MELSEC-F Series Denial of Service (DoS) and potential unspecified Vulnerability in MELSEC-F Series Ethernet interface block PDF

7.5 ICSA-22-013-01 open new window
ICSA-22-013-07 open new window
release:2021/12/16 GX Works2 Denial-of-Service (DoS) Vulnerability in GX Works2 PDF

5.3 ICSA-21-350-04 open new window
update: 2021/12/16
release:2020/11/19
MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series Ethernet Port PDF

<Update history:December 16, 2021>
RJ71C24 (-R2/R4) has been removed from “Affected products” as it has been found not to be affected by this vulnerability.

<Update history:September 14, 2021>
Added RJ71GN11-T2 that has been fixed to “Countermeasures"

<Update history:May 18, 2021>
Added R08/16/32/120 PCPU and R08/16/32/120PSFCPU that have been fixed to “Countermeasures".

7.5 ICSA-20-324-05 open new window
release:2021/11/16 GOT2000 series,GOT SIMPLE series and GT SoftGOT2000 Information Tampering Vulnerability in GOT2000 series,GOT SIMPLE series and GT SoftGOT2000 PDF

7.5 ICSA-21-320-02 open new window
update: 2021/11/25
release:2021/10/21
GENESIS64 and MC Works64 Arbitrary code execution vulnerablity in AutoCAD (DWG) file import function of GENESIS64 and MC Works64 PDF

<Update history:November 25, 2021>
Added information about information disclosure vulnerability (CVE-2021-27040) due to Out-of bounds Read (CWE-125)

7.8 ICSA-21-294-01 open new window
release:2021/10/12 GENESIS64 and MC Works64 Denial of Service (DoS) Vulnerability in OPC UA communication function of GENESIS64 and MC Works64 PDF

7.5 ICSA-21-294-03 open new window
release:2021/08/05 MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series CPU Module PDF

3.7 ICSA-21-250-01 open new window
release:2021/07/27 GOT Denial-of-Service (DoS) Vulnerability in MODBUS/TCP slave communication function on GOT PDF

5.9 ICSA-21-208-02 open new window
update: 2021/07/27
release:2021/04/22
GOT Password authentication bypass vulnerability in VNC function of GOT PDF

<Update history:July 27, 2021>
Added “How to check the versions in use” to “Affected products”.Added “Update procedure” and “Fixed Versions” to “Countermeasures”.

5.9 ICSA-21-112-02 open new window
release:2021/07/20 MELSEC-F Series Denial of Service (DoS) Vulnerability in MELSEC-F Series Ethernet interface block PDF

7.5 ICSA-21-201-01 open new window
update:2021/06/17
release:2021/02/16
MELSOFT FieldDeviceConfigurator Arbitrary code execution vulnerability in MELSOFT FieldDeviceConfigurator product PDF

<Update history:June 17, 2021>
Added MELSOFT FieldDeviceConfigurator that has been fixed to “Affected products" and “Countermeasures".

7.3 ICSA-21-021-05 open new window
update: 2021/06/14
release:2020/06/18
MC Works 64 and MC Works 32 Denial of Service vulnerability and Remote Code Execution vulnerability in MC Works 64 and MC Works 32 PDF

<Update history:June 14, 2021>
-Updated the URL of the web page to download the security patch.
-Fixed errors in the description of the target version of the security patch.

<Update history:January 14, 2021>
Added Security Patches for MC Works64 Version 2.00A - 2.02C.

<Update history:December 8, 2020>
Added Security Patches for MC Works64 Version 3.00A - 3.04E.

<Update history:September 9, 2020>
Added Security Patches for MC Works64 Version 4.00A - 4.02C.

7.5 - 9.8 ICSA-20-170-02 open new window
release:2021/05/27 MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSOFT Transmission Port (TCP/IP) PDF

5.3 ICSA-21-147-05 open new window
update: 2021/05/18
release:2021/01/21
MELFA FR,CR Series and ASSISTA Denial-of-Service Vulnerability in Robot Controller of MELFA FR Series and CR Series as well as ASSISTA PDF

<Update history:May 18, 2021>
Modified the description of “Countermeasures”.Added the IP filter function to “Mitigations”.

7.5 ICSA-21-021-04 open new window
update: 2021/04/20
release:2020/06/09
MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series Ethernet Port PDF

<Update history:April 20, 2021>
Modified part of descriptions of “Overview” and “Impact”.

<Update history:November 5, 2020>
Added modules that have been fixed to “Countermeasures”.

5.3 ICSA-20-161-02 open new window
release:2020/12/10 MELSEC iQ-F Series Denial-of-Service Vulnerability in Ethernet Port on CPU Module of MELSEC iQ-F Series PDF

7.4 ICSA-20-345-01 open new window
release:2020/11/12 MELSEC iQ-R Series Denial-of-Service Vulnerability in MELSEC iQ-R Series CPU Modules PDF

6.8 ICSA-20-317-01 open new window
release:2020/11/05 GOT1000 Series Multiple vulnerabilities in TCP/IP Stack on GT14 Model of GOT1000 Series PDF

5.3 - 9.8 ICSA-20-310-02 open new window
release:2020/10/29 MELSEC iQ-R Series Multiple Vulnerabilities in TCP/IP stack on MELSEC iQ-R Series Information/Network Module PDF

5.3 - 9.8 ICSA-20-303-02 open new window
release:2020/07/03 GOT2000 Series Multiple vulnerabilities in TCP/IP Stack on GOT2000 Series PDF

5.3 - 9.8 ICSA-20-189-02 open new window
release:2020/06/30 FA Engineering Software Products Multiple Vulnerabilities Due to Improper Handling of XML in Multiple FA Engineering Software Products PDF

7.5 ICSA-20-182-02 open new window
release:2020/06/23 MELSEC iQ-R, iQ-F, Q, L and FX series Vulnerability of Information Disclosure, Information Tampering, Unauthorized Operation and Denial-of-Service (DoS) between MELSEC iQ-R, iQ-F, Q, L and FX series CPU modules and GX Works3/GX Works2 PDF

10.0 ICSA-20-175-01 open new window
release:2020/03/30 MELSOFT Remote Access Vulnerability in MELSOFT Transmission Port (UDP/IP) PDF

5.3 ICSA-20-091-02 open new window
release:2020/02/14 MELSEC-Q Series C Controller Module,
MELSEC iQ-R Series C Controller Module / C Intelligent Function Module,
MELIPC Series MI5000
Multiple vulnerabilities in TCP/IP function on MELSEC C Controller Module and MELIPC Series MI5000 PDF

5.3 - 9.8 JVNVU#95424547 open new window
release:2019/11/07 MELSEC-Q Series, MELSEC-L Series Vulnerability of FTP server function on MELSEC Q/L Series CPU modules PDF

7.5 ICSA-19-311-01 open new window
release:2019/05/21 MELSEC-Q Series

Technical News

FA-A-0284-A: Vulnerabilities of MELSEC-Q Series Ethernet Interface Modules (Identified by External Institutions) PDF

7.5 ICSA-19-141-02 open new window
release:2016/12/01 MELSEC-Q Series

Technical News

FA-A-0230: Vulnerabilities of MELSEC-Q series Ethernet interface modules PDF

8.6 ICSA-16-336-03 open new window