Lucene search

K
cve[email protected]CVE-2021-20599
HistoryOct 14, 2021 - 3:15 p.m.

CVE-2021-20599

2021-10-1415:15:08
CWE-319
CWE-639
web.nvd.nist.gov
52
cve-2021-20599
cleartext transmission
melsec iq-r series
safety cpu
sil2 process cpu
remote code execution
nvd

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.8%

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions “26” and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions “11” and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.

Affected configurations

NVD
Node
mitsubishielectricr08sfcpu_firmware
AND
mitsubishielectricr08sfcpuMatch-
Node
mitsubishielectricr16sfcpu_firmware
AND
mitsubishielectricr16sfcpuMatch-
Node
mitsubishielectricr32sfcpu_firmware
AND
mitsubishielectricr32sfcpuMatch-
Node
mitsubishielectricr120sfcpu_firmware
AND
mitsubishielectricr120sfcpuMatch-
Node
mitsubishielectricr08psfcpu_firmware
AND
mitsubishielectricr08psfcpuMatch-
Node
mitsubishielectricr16psfcpu_firmware
AND
mitsubishielectricr16psfcpuMatch-
Node
mitsubishielectricr32psfcpu_firmware
AND
mitsubishielectricr32psfcpuMatch-
Node
mitsubishielectricr120psfcpu_firmware
AND
mitsubishielectricr120psfcpuMatch-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R Series Safety CPU R08SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series Safety CPU R16SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series Safety CPU R32SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series Safety CPU R120SFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"26\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series SIL2 Process CPU R16PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series SIL2 Process CPU R32PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R series SIL2 Process CPU R120PSFCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware versions \"11\" and prior"
      }
    ]
  }
]

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.8%