Lucene search

[email protected]CVE-2021-20591

HistoryJun 11, 2021 - 4:15 p.m.

CVE-2021-20591

2021-06-1116:15:08

CWE-400

[email protected]

web.nvd.nist.gov

cve-2021-20591

uncontrolled resource consumption

mitsubishi electric

melsec

iq-r

cpu modules

denial of service

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.6%

JSON

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.

Affected configurations

NVD

Node

mitsubishielectricr00cpu_firmware

AND

mitsubishielectricr00cpuMatch-

Node

mitsubishielectricr01cpu_firmware

AND

mitsubishielectricr01cpuMatch-

Node

mitsubishielectricr02cpu_firmware

AND

mitsubishielectricr02cpuMatch-

Node

mitsubishielectricr04cpu_firmware

AND

mitsubishielectricr04cpuMatch-

Node

mitsubishielectricr08cpu_firmware

AND

mitsubishielectricr08cpuMatch-

Node

mitsubishielectricr16cpu_firmware

AND

mitsubishielectricr16cpuMatch-

Node

mitsubishielectricr32cpu_firmware

AND

mitsubishielectricr32cpuMatch-

Node

mitsubishielectricr120cpu_firmware

AND

mitsubishielectricr120cpuMatch-

Node

mitsubishielectricr08sfcpu_firmware

AND

mitsubishielectricr08sfcpuMatch-

Node

mitsubishielectricr16sfcpu_firmware

AND

mitsubishielectricr16sfcpuMatch-

Node

mitsubishielectricr32sfcpu_firmware

AND

mitsubishielectricr32sfcpuMatch-

Node

mitsubishielectricr120sfcpu_firmware

AND

mitsubishielectricr120sfcpuMatch-

Node

mitsubishielectricr08pcpu_firmware

AND

mitsubishielectricr08pcpuMatch-

Node

mitsubishielectricr16pcpu_firmware

AND

mitsubishielectricr16pcpuMatch-

Node

mitsubishielectricr32pcpu_firmware

AND

mitsubishielectricr32pcpuMatch-

Node

mitsubishielectricr120pcpu_firmware

AND

mitsubishielectricr120pcpuMatch-

Node

mitsubishielectricr08psfcpu_firmware

AND

mitsubishielectricr08psfcpuMatch-

Node

mitsubishielectricr16psfcpu_firmware

AND

mitsubishielectricr16psfcpuMatch-

Node

mitsubishielectricr32psfcpu_firmware

AND

mitsubishielectricr32psfcpuMatch-

Node

mitsubishielectricr120psfcpu_firmware

AND

mitsubishielectricr120psfcpuMatch-

CPENameOperatorVersion
mitsubishielectric:r00cpu_firmwaremitsubishielectric r00cpu firmwareeq*

CPE	Name	Operator	Version
mitsubishielectric:r00cpu_firmware	mitsubishielectric r00cpu firmware	eq	*

CNA Affected

[
  {
    "product": "MELSEC iQ-R series CPU modules",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU98060539/index.html

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-003_en.pdf

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.6%

JSON

Related for CVE-2021-20591

cvelist1 ics1 nvd1 nessus1 prion1