Description
Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series Safety CPU R08SFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R series Safety CPU R16SFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R series Safety CPU R32SFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R series Safety CPU R120SFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R series SIL2 Process CPU R16PSFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R series SIL2 Process CPU R32PSFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R series SIL2 Process CPU R120PSFCPU | unaffected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2021-8017 | Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password. |
References
History
Wed, 25 Feb 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mitsubishielectric melsec Iq-r08sfcpu
|
|
| CPEs | cpe:2.3:h:mitsubishielectric:melsec_iq-r08sfcpu:-:*:*:*:*:*:*:* | |
| Vendors & Products |
Mitsubishielectric melsec Iq-r08sfcpu
|
|
| Metrics |
ssvc
|
Subscriptions
Mitsubishielectric
Subscribe
Melsec Iq-r08sfcpu
Subscribe
R08psfcpu
Subscribe
R08psfcpu Firmware
Subscribe
R08sfcpu
Subscribe
R08sfcpu Firmware
Subscribe
R120psfcpu
Subscribe
R120psfcpu Firmware
Subscribe
R120sfcpu
Subscribe
R120sfcpu Firmware
Subscribe
R16psfcpu
Subscribe
R16psfcpu Firmware
Subscribe
R16sfcpu
Subscribe
R16sfcpu Firmware
Subscribe
R32psfcpu
Subscribe
R32psfcpu Firmware
Subscribe
R32sfcpu
Subscribe
R32sfcpu Firmware
Subscribe
MITRE
Status: PUBLISHED
Assigner: Mitsubishi
Published:
Updated: 2024-08-03T17:45:44.681Z
Reserved: 2020-12-17T00:00:00.000Z
Link: CVE-2021-20599
Vulnrichment
Updated: 2024-08-03T17:45:44.681Z
NVD
Status : Modified
Published: 2021-10-14T15:15:08.827
Modified: 2024-11-21T05:46:51.317
Link: CVE-2021-20599
Redhat
No data.
OpenCVE Enrichment
No data.