Lucene search

K
cve[email protected]CVE-2021-20599
HistoryOct 14, 2021 - 3:15 p.m.

CVE-2021-20599

2021-10-1415:15:08
CWE-319
CWE-639
web.nvd.nist.gov
52
cve-2021-20599
cleartext transmission
melsec iq-r series
safety cpu
sil2 process cpu
remote code execution
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions “26” and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions “11” and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.

Affected configurations

NVD
Node
mitsubishielectricr08sfcpu_firmware
AND
mitsubishielectricr08sfcpuMatch-
Node
mitsubishielectricr16sfcpu_firmware
AND
mitsubishielectricr16sfcpuMatch-
Node
mitsubishielectricr32sfcpu_firmware
AND
mitsubishielectricr32sfcpuMatch-
Node
mitsubishielectricr120sfcpu_firmware
AND
mitsubishielectricr120sfcpuMatch-
Node
mitsubishielectricr08psfcpu_firmware
AND
mitsubishielectricr08psfcpuMatch-
Node
mitsubishielectricr16psfcpu_firmware
AND
mitsubishielectricr16psfcpuMatch-
Node
mitsubishielectricr32psfcpu_firmware
AND
mitsubishielectricr32psfcpuMatch-
Node
mitsubishielectricr120psfcpu_firmware
AND
mitsubishielectricr120psfcpuMatch-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R Series Safety CPU R08SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series Safety CPU R16SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series Safety CPU R32SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series Safety CPU R120SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series SIL2 Process CPU R16PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series SIL2 Process CPU R32PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series SIL2 Process CPU R120PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  }
]

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%