CVE-2020-16850

Name: CVE-2020-16850
Creator: NVD / NIST
Published: 2020-11-30T22:15:10.84+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 2.12%

Last modified Jun 17, 2026

CVE-2020-16850 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. EPSS estimates a 2.12% chance of exploitation in the next 30 days.

Description

Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

2.12%

79.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Mitsubishielectric	R00cpu Firmware	<= 20
Mitsubishielectric	R01cpu Firmware	<= 20
Mitsubishielectric	R02cpu Firmware	<= 20
Mitsubishielectric	R04cpu Firmware	<= 52
Mitsubishielectric	R08cpu Firmware	<= 52
Mitsubishielectric	R16cpu Firmware	<= 52
Mitsubishielectric	R32cpu Firmware	<= 52
Mitsubishielectric	R120cpu Firmware	<= 52
Mitsubishielectric	R08sfcpu Firmware	<= 22
Mitsubishielectric	R16sfcpu Firmware	<= 22
Mitsubishielectric	R32sfcpu Firmware	<= 22
Mitsubishielectric	R120sfcpu Firmware	<= 22
Mitsubishielectric	R08pcpu Firmware	All versions
Mitsubishielectric	R16pcpu Firmware	All versions
Mitsubishielectric	R32pcpu Firmware	All versions
Mitsubishielectric	R120pcpu Firmware	All versions
Mitsubishielectric	R16mtcpu Firmware	All versions
Mitsubishielectric	R32mtcpu Firmware	All versions
Mitsubishielectric	R64mtcpu Firmware	All versions

References

https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-seriesThird Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02Third Party Advisory, US Government Resource
https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-seriesThird Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02Third Party Advisory, US Government Resource

Timeline

Published: Nov 30, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-16850?

How severe is CVE-2020-16850?

CVE-2020-16850 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 2.12% probability of exploitation in the next 30 days.

How do I fix CVE-2020-16850?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-16850?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST