Lucene search

[email protected]CVE-2020-5652

HistoryNov 02, 2020 - 9:15 p.m.

CVE-2020-5652

2020-11-0221:15:33

CWE-400

[email protected]

web.nvd.nist.gov

cve-2020-5652

vulnerability

ethernet

melsec

iq-r

q series

l series

cpu

remote attacker

unauthenticated

denial of service

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.4%

JSON

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions ‘20’ and earlier, R 04/08/16/32/120 (EN) CPU firmware versions ‘52’ and earlier, R 08/16/32/120 SFCPU firmware versions ‘22’ and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number ‘22081’ and earlier , Q 03/04/06/13/26 UDVCPU serial number ‘22031’ and earlier, Q 04/06/13/26 UDPVCPU serial number ‘22031’ and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .

Affected configurations

NVD

Node

mitsubishielectricmelsec_q-q04udpvcpuMatch-

AND

mitsubishielectricmelsec_q-q04udpvcpu_firmwareMatch22031

Node

mitsubishielectricmelsec_q-q06udpvcpuMatch-

AND

mitsubishielectricmelsec_q-q06udpvcpu_firmwareMatch22031

Node

mitsubishielectricmelsec_q-q13udpvcpuMatch-

AND

mitsubishielectricmelsec_q-q13udpvcpu_firmwareMatch22031

Node

mitsubishielectricmelsec_q-q26udpvcpuMatch-

AND

mitsubishielectricmelsec_q-q26udpvcpu_firmwareMatch22031

Node

mitsubishielectricmelsec_q-q03udvcpuMatch-

AND

mitsubishielectricmelsec_q-q03udvcpu_firmwareMatch22031

Node

mitsubishielectricmelsec_q-q04udvcpuMatch-

AND

mitsubishielectricmelsec_q-q04udvcpu_firmwareMatch22031

Node

mitsubishielectricmelsec_q-q13udvcpuMatch-

AND

mitsubishielectricmelsec_q-q13udvcpu_firmwareMatch22031

Node

mitsubishielectricmelsec_q-q26udvcpuMatch-

AND

mitsubishielectricmelsec_q-q26udvcpu_firmwareMatch22031

Node

mitsubishielectricmelsec_q-q03udecpu_firmwareMatch22081

AND

mitsubishielectricmelsec_q-q03udecpuMatch-

Node

mitsubishielectricmelsec_q-q04udehcpu_firmwareMatch22081

AND

mitsubishielectricmelsec_q-q04udehcpuMatch-

Node

mitsubishielectricmelsec_q-q06udehcpu_firmwareMatch22081

AND

mitsubishielectricmelsec_q-q06udehcpuMatch-

Node

mitsubishielectricmelsec_q-q10udehcpu_firmwareMatch22081

AND

mitsubishielectricmelsec_q-q10udehcpuMatch-

Node

mitsubishielectricmelsec_q-q13udehcpu_firmwareMatch22081

AND

mitsubishielectricmelsec_q-q13udehcpuMatch-

Node

mitsubishielectricmelsec_q-q20udehcpu_firmwareMatch22081

AND

mitsubishielectricmelsec_q-q20udehcpuMatch-

Node

mitsubishielectricmelsec_q-q26udehcpu_firmwareMatch22081

AND

mitsubishielectricmelsec_q-q26udehcpuMatch-

Node

mitsubishielectricmelsec_q-q50udehcpu_firmwareMatch22081

AND

mitsubishielectricmelsec_q-q50udehcpuMatch-

Node

mitsubishielectricmelsec_q-q100udehcpu_firmwareMatch22081

AND

mitsubishielectricmelsec_q-q100udehcpuMatch-

Node

mitsubishielectricmelsec_iq-r08sfcpu_firmwareMatch22

AND

mitsubishielectricmelsec_iq-r08sfcpuMatch-

Node

mitsubishielectricmelsec_iq-r16sfcpu_firmwareMatch22

AND

mitsubishielectricmelsec_iq-r16sfcpuMatch-

Node

mitsubishielectricmelsec_iq-r32sfcpu_firmwareMatch22

AND

mitsubishielectricmelsec_iq-r32sfcpuMatch-

Node

mitsubishielectricmelsec_iq-r120sfcpu_firmwareMatch22

AND

mitsubishielectricmelsec_iq-r120sfcpuMatch-

Node

mitsubishielectricmelsec_iq-r04encpu_firmwareMatch52

AND

mitsubishielectricmelsec_iq-r04encpuMatch-

Node

mitsubishielectricmelsec_iq-r08encpu_firmwareMatch52

AND

mitsubishielectricmelsec_iq-r08encpuMatch-

Node

mitsubishielectricmelsec_iq-r16encpu_firmwareMatch52

AND

mitsubishielectricmelsec_iq-r16encpuMatch-

Node

mitsubishielectricmelsec_iq-r32encpu_firmwareMatch52

AND

mitsubishielectricmelsec_iq-r32encpuMatch-

Node

mitsubishielectricmelsec_iq-r120encpu_firmwareMatch52

AND

mitsubishielectricmelsec_iq-r120encpuMatch-

Node

mitsubishielectricmelsec_iq-r00cpu_firmwareMatch20

AND

mitsubishielectricmelsec_iq-r00cpuMatch-

Node

mitsubishielectricmelsec_iq-r01cpu_firmwareMatch20

AND

mitsubishielectricmelsec_iq-r01cpuMatch-

Node

mitsubishielectricmelsec_iq-r02cpu_firmwareMatch20

AND

mitsubishielectricmelsec_iq-r02cpuMatch-

Node

mitsubishielectricmelsec_iq-r08pcpu_firmwareMatch-

AND

mitsubishielectricmelsec_iq-r08pcpuMatch-

Node

mitsubishielectricmelsec_iq-r08psfcpu_firmwareMatch-

AND

mitsubishielectricmelsec_iq-r08psfcpuMatch-

Node

mitsubishielectricmelsec_iq-r120pcpu_firmwareMatch-

AND

mitsubishielectricmelsec_iq-r120pcpuMatch-

Node

mitsubishielectricmelsec_iq-r120psfcpu_firmwareMatch-

AND

mitsubishielectricmelsec_iq-r120psfcpuMatch-

Node

mitsubishielectricmelsec_iq-r16mtcpu_firmwareMatch-

AND

mitsubishielectricmelsec_iq-r16mtcpuMatch-

Node

mitsubishielectricmelsec_iq-r16pcpu_firmwareMatch-

AND

mitsubishielectricmelsec_iq-r16pcpuMatch-

Node

mitsubishielectricmelsec_iq-r16psfcpu_firmwareMatch-

AND

mitsubishielectricmelsec_iq-r16psfcpuMatch-

Node

mitsubishielectricmelsec_iq-r32mtcpu_firmwareMatch-

AND

mitsubishielectricmelsec_iq-r32mtcpuMatch-

Node

mitsubishielectricmelsec_iq-r32pcpu_firmwareMatch-

AND

mitsubishielectricmelsec_iq-r32pcpuMatch-

Node

mitsubishielectricmelsec_iq-r32psfcpu_firmwareMatch-

AND

mitsubishielectricmelsec_iq-r32psfcpuMatch-

Node

mitsubishielectricmelsec_iq-r64mtcpu_firmwareMatch-

AND

mitsubishielectricmelsec_iq-r64mtcpuMatch-

Node

mitsubishielectricmelsec_l02cpu-p_firmwareMatch-

AND

mitsubishielectricmelsec_l02cpu-pMatch-

Node

mitsubishielectricmelsec_l06cpu-p_firmwareMatch-

AND

mitsubishielectricmelsec_l06cpu-pMatch-

Node

mitsubishielectricmelsec_l26cpu-p_firmwareMatch-

AND

mitsubishielectricmelsec_l26cpu-pMatch-

Node

mitsubishielectricmelsec_l26cpu-pbt_firmwareMatch-

AND

mitsubishielectricmelsec_l26cpu-pbtMatch-

Node

mitsubishielectricmelsec_q-q170mcpu_firmwareMatch-

AND

mitsubishielectricmelsec_q-q170mcpuMatch-

Node

mitsubishielectricmelsec_q-q170mscpu-s1_firmwareMatch-

AND

mitsubishielectricmelsec_q-q170mscpu-s1Match-

Node

mitsubishielectricmelsec_q-q172dcpu-s1_firmwareMatch-

AND

mitsubishielectricmelsec_q-q172dcpu-s1Match-

Node

mitsubishielectricmelsec_q-q172dscpu_firmwareMatch-

AND

mitsubishielectricmelsec_q-q172dscpuMatch-

Node

mitsubishielectricmelsec_q-q173dcpu-s1_firmwareMatch-

AND

mitsubishielectricmelsec_q-q173dcpu-s1Match-

Node

mitsubishielectricmelsec_q-q173dscpu_firmwareMatch-

AND

mitsubishielectricmelsec_q-q173dscpuMatch-

Node

mitsubishielectricmelsec_q-qmr-mq100_firmwareMatch-

AND

mitsubishielectricmelsec_q-qmr-mq100Match-

CPENameOperatorVersion
mitsubishielectric:melsec_q-q04udpvcpu_firmwaremitsubishielectric melsec q-q04udpvcpu firmwareeq22031

CPE	Name	Operator	Version
mitsubishielectric:melsec_q-q04udpvcpu_firmware	mitsubishielectric melsec q-q04udpvcpu firmware	eq	22031

CNA Affected

[
  {
    "product": "MELSEC iQ-R, Q and L series",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier, Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, and L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU96558207/index.html

www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdf

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for CVE-2020-5652

prion1 ics1 cvelist1 nessus2 nvd1