CVE-2020-16226

Mitsubishi Electric Multiple Products

Description

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.

Category

9.8
CVSS
Severity: Critical
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.21%
Third-Party Advisory cisa.gov
Affected: Mitsubishi Electric QJ71MES96
Affected: Mitsubishi Electric QJ71WS96
Affected: Mitsubishi Electric Q06CCPU-V
Affected: Mitsubishi Electric Q24DHCCPU-V
Affected: Mitsubishi Electric Q24DHCCPU-VG
Affected: Mitsubishi Electric R12CCPU-V
Affected: Mitsubishi Electric RD55UP06-V,
Affected: Mitsubishi Electric D55UP12-V
Affected: Mitsubishi Electric RJ71GN11-T2
Affected: Mitsubishi Electric RJ71EN71
Affected: Mitsubishi Electric QJ71E71-100
Affected: Mitsubishi Electric LJ71E71-100
Affected: Mitsubishi Electric QJ71MT91
Affected: Mitsubishi Electric RD78Gn(n=4,8,16,32,64)
Affected: Mitsubishi Electric RD78GHV
Affected: Mitsubishi Electric RD78GHW
Affected: Mitsubishi Electric NZ2GACP620-60
Affected: Mitsubishi Electric NZ2GACP620-300
Affected: Mitsubishi Electric NZ2FT-MT
Affected: Mitsubishi Electric NZ2FT-EIP
Affected: Mitsubishi Electric Q03UDECPU
Affected: Mitsubishi Electric QnUDEHCPU(n=04/06/10/13/20/26/50/100)
Affected: Mitsubishi Electric QnUDVCPU(n=03/04/06/13/26)
Affected: Mitsubishi Electric QnUDPVCPU(n=04/06/13/2)
Affected: Mitsubishi Electric LnCPU(-P)(n=02/06/26)
Affected: Mitsubishi Electric L26CPU-(P)BT
Affected: Mitsubishi Electric RnCPU(n=00/01/02)
Affected: Mitsubishi Electric RnCPU(n=04/08/16/32/120)
Affected: Mitsubishi Electric RnENCPU(n=04/08/16/32/120)
Affected: Mitsubishi Electric RnSFCPU (n=08/16/32/120)
Affected: Mitsubishi Electric RnPCPU(n=08/16/32/120)
Affected: Mitsubishi Electric RnPSFCPU(n=08/16/32/120)
Affected: Mitsubishi Electric FX5U(C)-**M*/**
Affected: Mitsubishi Electric FX5UC-32M*/**-TS
Affected: Mitsubishi Electric FX5UJ-**M*/**
Affected: Mitsubishi Electric FX5-ENET
Affected: Mitsubishi Electric FX5-ENET/IP
Affected: Mitsubishi Electric FX3U-ENET-ADP
Affected: Mitsubishi Electric FX3GE-**M*/**
Affected: Mitsubishi Electric FX3U-ENET
Affected: Mitsubishi Electric FX3U-ENET-L
Affected: Mitsubishi Electric FX3U-ENET-P502
Affected: Mitsubishi Electric FX5-CCLGN-MS
Affected: Mitsubishi Electric IU1-1M20-D
Affected: Mitsubishi Electric LE7-40GU-L
Affected: Mitsubishi Electric GOT2000 Series GT21 Model
Affected: Mitsubishi Electric GS Series
Affected: Mitsubishi Electric GOT1000 Series GT14 Model
Affected: Mitsubishi Electric GT25-J71GN13-T2
Affected: Mitsubishi Electric FR-A800-E Series
Affected: Mitsubishi Electric FR-F800-E Series
Affected: Mitsubishi Electric FR-A8NCG
Affected: Mitsubishi Electric FR-E800-EPA Series
Affected: Mitsubishi Electric FR-E800-EPB Series
Affected: Mitsubishi Electric Conveyor Tracking Application
Affected: Mitsubishi Electric MR-JE-C
Affected: Mitsubishi Electric MR-J4-TM
Published at:
Updated at:

References

Link Tags
https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01 third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2020-16226?
CVE-2020-16226 has been scored as a critical severity vulnerability.
How to fix CVE-2020-16226?
To fix CVE-2020-16226, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-16226 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-16226 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-16226?
CVE-2020-16226 affects Mitsubishi Electric QJ71MES96, Mitsubishi Electric QJ71WS96, Mitsubishi Electric Q06CCPU-V, Mitsubishi Electric Q24DHCCPU-V, Mitsubishi Electric Q24DHCCPU-VG, Mitsubishi Electric R12CCPU-V, Mitsubishi Electric RD55UP06-V,, Mitsubishi Electric D55UP12-V, Mitsubishi Electric RJ71GN11-T2, Mitsubishi Electric RJ71EN71, Mitsubishi Electric QJ71E71-100, Mitsubishi Electric LJ71E71-100, Mitsubishi Electric QJ71MT91, Mitsubishi Electric RD78Gn(n=4,8,16,32,64), Mitsubishi Electric RD78GHV, Mitsubishi Electric RD78GHW, Mitsubishi Electric NZ2GACP620-60, Mitsubishi Electric NZ2GACP620-300, Mitsubishi Electric NZ2FT-MT, Mitsubishi Electric NZ2FT-EIP, Mitsubishi Electric Q03UDECPU, Mitsubishi Electric QnUDEHCPU(n=04/06/10/13/20/26/50/100), Mitsubishi Electric QnUDVCPU(n=03/04/06/13/26), Mitsubishi Electric QnUDPVCPU(n=04/06/13/2), Mitsubishi Electric LnCPU(-P)(n=02/06/26), Mitsubishi Electric L26CPU-(P)BT, Mitsubishi Electric RnCPU(n=00/01/02), Mitsubishi Electric RnCPU(n=04/08/16/32/120), Mitsubishi Electric RnENCPU(n=04/08/16/32/120), Mitsubishi Electric RnSFCPU (n=08/16/32/120), Mitsubishi Electric RnPCPU(n=08/16/32/120), Mitsubishi Electric RnPSFCPU(n=08/16/32/120), Mitsubishi Electric FX5U(C)-**M*/**, Mitsubishi Electric FX5UC-32M*/**-TS, Mitsubishi Electric FX5UJ-**M*/**, Mitsubishi Electric FX5-ENET, Mitsubishi Electric FX5-ENET/IP, Mitsubishi Electric FX3U-ENET-ADP, Mitsubishi Electric FX3GE-**M*/**, Mitsubishi Electric FX3U-ENET, Mitsubishi Electric FX3U-ENET-L, Mitsubishi Electric FX3U-ENET-P502, Mitsubishi Electric FX5-CCLGN-MS, Mitsubishi Electric IU1-1M20-D, Mitsubishi Electric LE7-40GU-L, Mitsubishi Electric GOT2000 Series GT21 Model, Mitsubishi Electric GS Series, Mitsubishi Electric GOT1000 Series GT14 Model, Mitsubishi Electric GT25-J71GN13-T2, Mitsubishi Electric FR-A800-E Series, Mitsubishi Electric FR-F800-E Series, Mitsubishi Electric FR-A8NCG, Mitsubishi Electric FR-E800-EPA Series, Mitsubishi Electric FR-E800-EPB Series, Mitsubishi Electric Conveyor Tracking Application, Mitsubishi Electric MR-JE-C, Mitsubishi Electric MR-J4-TM.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.