CVE-2020-16226
high-risk
Published 2020-10-05
Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.
Do I need to act?
-
0.48% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Qj71Mes96 Firmware
Qj71Ws96 Firmware
Q06Ccpu-V Firmware
Q24Dhccpu-V Firmware
Q24Dhccpu-Vg Firmware
R12Ccpu-V Firmware
Rd55Up06-V Firmware
Rd55Up12-V Firmware
Rj71Gn11-T2 Firmware
Rj71En71 Firmware
Qj71E71-100 Firmware
Lj71E71-100 Firmware
Qj71Mt91 Firmware
Rd78Gn\(N\=4\,8\,16\,32\,64\) Firmware
Rd78Ghv Firmware
Rd78Ghw Firmware
Nz2Gacp620-60 Firmware
Nz2Gacp620-300 Firmware
Nz2Ft-Mt Firmware
Nz2Ft-Eip Firmware
Affected Vendors
References (2)
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01
64
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
30/34 · Critical