Mitsubishi Electric MELSEC iQ-R Series C Controller Module Uncontrolled Resource Consumption (CVE-2021-20600)

medium Tenable OT Security Plugin ID 500519


The remote OT asset is affected by a vulnerability.


Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module is starting up. System reset is required for recovery.

This plugin only works with Tenable.ot.


The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at

Mitsubishi Electric recommends users update affected devices to Firmware Version 17 or later. For specific update instructions and additional details see the Mitsubishi Electric advisory.

If a System WDT error occurs at start up, there is a possibility the C Controller Module has been attacked. In this case, disconnect the LAN cable of the module and restart. After confirming the module has started normally, make a LAN connection.

Regardless of whether the above error occurred, Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploiting this vulnerability:

- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.



Plugin Details

Severity: Medium

ID: 500519

Version: 1.9

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 3/4/2024

Supported Sensors: Tenable OT Security

Risk Information


VPR

Risk Factor: Low

Score: 3.6


CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2021-20600


CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishielectric:r12ccpu-v_firmware

Required KB Items: Tenable.ot/Mitsubishi

Exploit Ease: No known exploits are available

Patch Publication Date: 10/8/2021

Vulnerability Publication Date: 10/8/2021

Reference Information

CVE: CVE-2021-20600

CWE: 400