Mitsubishi Electric MELSEC iQ-R Series Improper Input Validation Vulnerability Allowing Data Manipulation and Denial-of-Service

Vulnerability

A vulnerability exists in the Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU, all running firmware versions 48 and prior. This vulnerability stems from improper validation of input quantities in the proprietary protocol and SLMP communication. It allows an unauthenticated attacker to read device data or parts of a control program, write device data, or cause a denial-of-service condition by sending specially crafted packets with specific commands to the affected product.

Impact

Exploitation of this vulnerability could lead to unauthorized reading or writing of device data, disclosure of parts of a control program, or a denial-of-service condition on the affected product.

Remediation

Users are advised to update the firmware to version 49 or later. The update file, engineering software for the firmware upgrade, and the manual can be downloaded from the Mitsubishi Electric FA website. For details on the firmware update process, refer to the MELSEC iQ-R Module Configuration Manual 'Appendix 2 Firmware Update Function'.

Added: Feb 5, 2026, 6:22 AM
Updated: Feb 5, 2026, 6:22 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 7.0
remediation: 7.9
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.