CVE-2020-16226

Name: CVE-2020-16226
Creator: NVD / NIST
Published: 2020-10-05T18:15:13.133+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 2.24%

Last modified Jun 17, 2026

CVE-2020-16226 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.. EPSS estimates a 2.24% chance of exploitation in the next 30 days.

Description

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.24%

80.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-342

Affected Software

Vendor	Product	Versions
Mitsubishielectric	Qj71mes96 Firmware	All versions
Mitsubishielectric	Qj71ws96 Firmware	All versions
Mitsubishielectric	Q06ccpu-V Firmware	All versions
Mitsubishielectric	Q24dhccpu-V Firmware	All versions
Mitsubishielectric	Q24dhccpu-Vg Firmware	All versions
Mitsubishielectric	R12ccpu-V Firmware	All versions
Mitsubishielectric	Rd55up06-V Firmware	All versions
Mitsubishielectric	Rd55up12-V Firmware	All versions
Mitsubishielectric	Rj71gn11-T2 Firmware	All versions
Mitsubishielectric	Rj71en71 Firmware	All versions
Mitsubishielectric	Qj71e71-100 Firmware	All versions
Mitsubishielectric	Lj71e71-100 Firmware	All versions
Mitsubishielectric	Qj71mt91 Firmware	All versions
Mitsubishielectric	Rd78gn\(N\=4\,8\,16\,32\,64\) Firmware	All versions
Mitsubishielectric	Rd78ghv Firmware	All versions
Mitsubishielectric	Rd78ghw Firmware	All versions
Mitsubishielectric	Nz2gacp620-60 Firmware	All versions
Mitsubishielectric	Nz2gacp620-300 Firmware	All versions
Mitsubishielectric	Nz2ft-Mt Firmware	All versions
Mitsubishielectric	Nz2ft-Eip Firmware	All versions
Mitsubishielectric	Q03udecpu Firmware	<= 22081
Mitsubishielectric	Qnudehcpu\(N\=04\/06\/10\/13\/20\/26\/50\/100\) Firmware	<= 22081
Mitsubishielectric	Qnudvcpu\(N\=03\/04\/06\/13\/26\) Firmware	<= 22031
Mitsubishielectric	Qnudpvcpu\(N\=04\/06\/13\/2\) Firmware	<= 22031
Mitsubishielectric	Lncpu\(-P\)\(N\=02\/06\/26\) Firmware	<= 22051
Mitsubishielectric	L26cpu-\(P\)Bt Firmware	<= 22051
Mitsubishielectric	Rncpu\(N\=00\/01\/02\)T Firmware	<= 18
Mitsubishielectric	Rncpu\(N\=04\/08\/16\/32\/120\) Firmware	<= 50
Mitsubishielectric	Rnencpu\(N\=04\/08\/16\/32\/120\) Firmware	<= 50
Mitsubishielectric	Rnsfcpu \(N\=08\/16\/32\/120\) Firmware	All versions
Mitsubishielectric	Rnpcpu\(N\=08\/16\/32\/120\) Firmware	All versions
Mitsubishielectric	Rnpsfcpu\(N\=08\/16\/32\/120\) Firmware	All versions
Mitsubishielectric	Fx5uc-32mt\/D Firmware	1.210
Mitsubishielectric	Fx5uc-32mt\/Dss Firmware	1.210
Mitsubishielectric	Fx5uc-32mt\/Ds-Ts Firmware	1.210
Mitsubishielectric	Fx5uc-32mt\/Dss-Ts Firmware	1.210
Mitsubishielectric	Fx5uj-24mr\/Es Firmware	1.000
Mitsubishielectric	Fx5uc-32mr\/Ds-Ts Firmware	1.210
Mitsubishielectric	Fx5uj-24mt\/Es Firmware	1.000
Mitsubishielectric	Fx5uj-24mt\/Ess Firmware	1.000
Mitsubishielectric	Fx5uj-40mr\/Es Firmware	1.000
Mitsubishielectric	Fx5uj-40mt\/Es Firmware	1.000
Mitsubishielectric	Fx5uj-40mt\/Ess Firmware	1.000
Mitsubishielectric	Fx5uj-60mr\/Es Firmware	1.000
Mitsubishielectric	Fx5uj-60mt\/Es Firmware	1.000
Mitsubishielectric	Fx5uj-60mt\/Ess Firmware	1.000
Mitsubishielectric	Fx5-Enet Firmware	All versions
Mitsubishielectric	Fx5-Enet\/Ip Firmware	All versions
Mitsubishielectric	Fx5-Enet-Adp Firmware	All versions
Mitsubishielectric	Fx3g-14mr\/Es Firmware	All versions

Showing 50 of 95 affected configurations. See NVD for the full list.

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01Third Party Advisory, US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01Third Party Advisory, US Government Resource

Timeline

Published: Oct 5, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-16226?

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.

How severe is CVE-2020-16226?

CVE-2020-16226 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 2.24% probability of exploitation in the next 30 days.

How do I fix CVE-2020-16226?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-16226?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST