CVE-2021-20610
Description
Improper handling of length parameter inconsistency in multiple Mitsubishi Electric PLC series allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition via specially crafted packets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2021-20610 is an improper handling of length parameter inconsistency vulnerability in the Ethernet ports of Mitsubishi Electric MELSEC iQ-R, Q, L, and MELIPC series CPU modules and industrial computers [1][2]. The affected models include [1][2]:
- iQ-R series: R00/01/02CPU (firmware v24 and prior), R04/08/16/32/120(EN)CPU (firmware v57 and prior), R08/16/32/120SFCPU (firmware v26 and prior), R08/16/32/120PCPU (firmware v29 and prior), R08/16/32/120PSFCPU (firmware v08 and prior), R16/32/64MTCPU (OS software v23 and prior), R12CCPU-V (firmware v16 and prior)
- Q series: Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU (serial prefix 23121 and prior), Q03/04/06/13/26UDVCPU and Q04/06/13/26UDPVCPU (serial prefix 23071 and prior), Q12DCCPU-V, Q24DHCCPU-V(G), Q24/26DHCCPU-LS (serial prefix 24031 and prior), MR-MQ100 (OS software vF and prior), Q172/173DCPU-S1 (OS software vW and prior), Q172/173DSCPU (OS software vY and prior), Q170MCPU (OS software vW and prior), Q170MSCPU(-S1) (OS software vY and prior)
- L series: L02/06/26CPU(-P), L26CPU-(P)BT (serial prefix 23121 and prior)
- MELIPC series: MI5122-VW (firmware v05 and prior)
Exploitation
An attacker needs no authentication and can exploit the vulnerability over the network by sending specially crafted packets to the Ethernet port of an affected device [2]. The details of the packet sequence are not publicly disclosed in the available references, but the vulnerability requires low attack complexity and can be triggered remotely [2].
Impact
Successful exploitation results in a denial-of-service (DoS) condition on the target PLC [1][2]. The device becomes unresponsive and requires a physical or remote system reset to recover normal operation [1][2]. There is no indication of data compromise or privilege escalation in the referenced documents.
Mitigation
Mitsubishi Electric has not released firmware updates for all affected series as of the advisory publication date (2021-11-30) [1][2]. Users should refer to the vendor's security advisory for updates, apply network segmentation to limit exposure, and monitor the vendor's support site for patched versions [2]. No workaround is provided in the available references.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Mitsubishi Electric Corporation/MELSEC L Series L02CPU-Pv5, range: The first 5 digits of serial No. "23121" and prior
- Mitsubishi Electric Corporation/MELSEC L Series L06CPU-Pv5, range: The first 5 digits of serial No. "23121" and prior
- Mitsubishi Electric Corporation/MELSEC L Series L26CPU-BTv5, range: The first 5 digits of serial No. "23121" and prior
- Mitsubishi Electric Corporation/MELSEC L Series L26CPU-Pv5, range: The first 5 digits of serial No. "23121" and prior
- Mitsubishi Electric Corporation/MELSEC L Series L26CPU-PBTv5, range: The first 5 digits of serial No. "23121" and prior
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf (mitre, vendor-advisory)
- jvn.jp/vu/JVNVU94434051/index.html (mitre, government-resource)
- us-cert.cisa.gov/ics/advisories/icsa-21-334-02 (mitre, government-resource)