Lucene search

[email protected]CVE-2020-5668

HistoryNov 20, 2020 - 4:15 a.m.

CVE-2020-5668

2020-11-2004:15:11

CWE-400

[email protected]

web.nvd.nist.gov

cve-2020-5668

uncontrolled resource consumption

melsec iq-r series

denial of service

dos

vulnerability

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.6%

JSON

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version ‘19’ and earlier, R04/08/16/32/120 (EN) CPU firmware version ‘51’ and earlier, R08/16/32/120SFCPU firmware version ‘22’ and earlier, R08/16/32/120PCPU firmware version ‘25’ and earlier, R08/16/32/120PSFCPU firmware version ‘06’ and earlier, RJ71EN71 firmware version ‘47’ and earlier, RJ71GF11-T2 firmware version ‘47’ and earlier, RJ72GF15-T2 firmware version ‘07’ and earlier, RJ71GP21-SX firmware version ‘47’ and earlier, RJ71GP21S-SX firmware version ‘47’ and earlier, and RJ71GN11-T2 firmware version ‘11’ and earlier) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the unit by receiving a specially crafted SLMP packet

Affected configurations

NVD

Node

mitsubishielectricr00cpu_firmwareRange≤19

AND

mitsubishielectricr00cpuMatch-

Node

mitsubishielectricr01cpu_firmwareRange≤19

AND

mitsubishielectricr01cpuMatch-

Node

mitsubishielectricr02cpu_firmwareRange≤19

AND

mitsubishielectricr02cpuMatch-

Node

mitsubishielectricr04cpu_firmwareRange≤51

AND

mitsubishielectricr04cpuMatch-

Node

mitsubishielectricr08cpu_firmwareRange≤51

AND

mitsubishielectricr08cpuMatch-

Node

mitsubishielectricr16cpu_firmwareRange≤51

AND

mitsubishielectricr16cpuMatch-

Node

mitsubishielectricr32cpu_firmwareRange≤51

AND

mitsubishielectricr32cpuMatch-

Node

mitsubishielectricr120cpu_firmwareRange≤51

AND

mitsubishielectricr120cpuMatch-

Node

mitsubishielectricr08sfcpu_firmwareRange≤22

AND

mitsubishielectricr08sfcpuMatch-

Node

mitsubishielectricr16sfcpu_firmwareRange≤22

AND

mitsubishielectricr16sfcpuMatch-

Node

mitsubishielectricr32sfcpu_firmwareRange≤22

AND

mitsubishielectricr32sfcpuMatch-

Node

mitsubishielectricr120sfcpu_firmwareRange≤22

AND

mitsubishielectricr120sfcpuMatch-

Node

mitsubishielectricr08pcpu_firmwareRange≤25

AND

mitsubishielectricr08pcpuMatch-

Node

mitsubishielectricr16pcpu_firmwareRange≤25

AND

mitsubishielectricr16pcpuMatch-

Node

mitsubishielectricr32pcpu_firmwareRange≤25

AND

mitsubishielectricr32pcpuMatch-

Node

mitsubishielectricr120pcpu_firmwareRange≤25

AND

mitsubishielectricr120pcpuMatch-

Node

mitsubishielectricr08psfcpu_firmwareRange≤06

AND

mitsubishielectricr08psfcpuMatch-

Node

mitsubishielectricr16psfcpu_firmwareRange≤06

AND

mitsubishielectricr16psfcpuMatch-

Node

mitsubishielectricr32psfcpu_firmwareRange≤06

AND

mitsubishielectricr32psfcpuMatch-

Node

mitsubishielectricr120psfcpu_firmwareRange≤06

AND

mitsubishielectricr120psfcpuMatch-

Node

mitsubishielectricrj71en71_firmwareRange≤47

AND

mitsubishielectricrj71en71Match-

Node

mitsubishielectricrj71gf11-t2_firmwareRange≤47

AND

mitsubishielectricrj71gf11-t2Match-

Node

mitsubishielectricrj72gf15-t2_firmwareRange≤07

AND

mitsubishielectricrj72gf15-t2Match-

Node

mitsubishielectricrj71gp21-sx_firmwareRange≤47

AND

mitsubishielectricrj71gp21-sxMatch-

Node

mitsubishielectricrj71gp21s-sx_firmwareRange≤47

AND

mitsubishielectricrj71gp21s-sxMatch-

Node

mitsubishielectricrj71c24-r2_firmwareRange≤47

AND

mitsubishielectricrj71c24-r2Match-

Node

mitsubishielectricrj71c24-r4_firmwareRange≤47

AND

mitsubishielectricrj71c24-r4Match-

Node

mitsubishielectricrj71gn11-t2_firmwareRange≤11

AND

mitsubishielectricrj71gn11-t2Match-

CPENameOperatorVersion
mitsubishielectric:r00cpu_firmwaremitsubishielectric r00cpu firmwarele19

CPE	Name	Operator	Version
mitsubishielectric:r00cpu_firmware	mitsubishielectric r00cpu firmware	le	19

CNA Affected

[
  {
    "product": "MELSEC iQ-R",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, and RJ71GN11-T2 firmware version '11' and earlier"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU95980140/index.html

us-cert.cisa.gov/ics/advisories/icsa-20-324-05

www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-016.pdf

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-016_en.pdf

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2020-5668

ics1 prion1 nessus1 cvelist1 nvd1