July 7, 2020

CISA has updated this advisory with additional details on the vulnerability and mitigation measures. This advisory was initially published on June 23, 2020. Read the advisory at CISA.

June 23, 2020

CISA has published an advisory on a cleartext transmission of sensitive information vulnerability in Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules. All versions of these products are affected. Successful exploitation of this vulnerability could allow information disclosure, information tampering, unauthorized operation, or a denial-of-service condition. Mitsubishi Electric recommends encrypting the communication path by setting up a VPN to mitigate the impact of this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.