Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-20599
HistoryOct 14, 2021 - 3:15 p.m.

CVE-2021-20599

2021-10-1415:15:08
CWE-319
CWE-639
[email protected]
web.nvd.nist.gov
52
cve-2021-20599
cleartext transmission
melsec iq-r series
safety cpu
sil2 process cpu
remote code execution
nvd

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.8%

JSON

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions “26” and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions “11” and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.

Affected configurations

NVD
Node
mitsubishielectricr08sfcpu_firmware
AND
mitsubishielectricr08sfcpuMatch-
Node
mitsubishielectricr16sfcpu_firmware
AND
mitsubishielectricr16sfcpuMatch-
Node
mitsubishielectricr32sfcpu_firmware
AND
mitsubishielectricr32sfcpuMatch-
Node
mitsubishielectricr120sfcpu_firmware
AND
mitsubishielectricr120sfcpuMatch-
Node
mitsubishielectricr08psfcpu_firmware
AND
mitsubishielectricr08psfcpuMatch-
Node
mitsubishielectricr16psfcpu_firmware
AND
mitsubishielectricr16psfcpuMatch-
Node
mitsubishielectricr32psfcpu_firmware
AND
mitsubishielectricr32psfcpuMatch-
Node
mitsubishielectricr120psfcpu_firmware
AND
mitsubishielectricr120psfcpuMatch-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R Series Safety CPU R08SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series Safety CPU R16SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series Safety CPU R32SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series Safety CPU R120SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series SIL2 Process CPU R16PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series SIL2 Process CPU R32PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series SIL2 Process CPU R120PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  }
]

Related

prion 1
vulnrichment 1
nessus 1
ics 1
cvelist 1
nvd 1
prion
prion
Default credentials
2021-10-14 15:15:00
vulnrichment
vulnrichment
CVE-2021-20599
2021-10-14 00:00:00
nessus
nessus
Mitsubishi Electric MELSEC iQ-R Series Cleartext Transmission of Sensitive Information (CVE-2021-20599)
2022-02-07 00:00:00
ics
ics
Mitsubishi Electric MELSEC iQ-R Series (Update B)
2024-04-18 12:00:00
cvelist
cvelist
CVE-2021-20599
2021-10-14 00:00:00
nvd
nvd
CVE-2021-20599
2021-10-14 15:15:08

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.8%

JSON
Related for CVE-2021-20599
prion1vulnrichment1nessus1ics1cvelist1nvd1