EUVD-2020-26817

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Improper access control in MELSEC iQ-R firmware allows remote attacks via crafted packets

Reporter	Title	Published	Views	Family All 7
CVE	CVE-2020-5656	30 Oct 202003:35	–	cve
Cvelist	CVE-2020-5656	30 Oct 202003:35	–	cvelist
ICS	Mitsubishi Electric MELSEC iQ-R	29 Oct 202000:00	–	ics
NVD	CVE-2020-5656	2 Nov 202021:15	–	nvd
Prion	Improper access control	2 Nov 202021:15	–	prion
RedhatCVE	CVE-2020-5656	22 May 202515:39	–	redhatcve
Tenable Nessus	Mitsubishi Electric MELSEC iQ-R Improper Access Control (CVE-2020-5656)	7 Feb 202200:00	–	nessus

[
  {
    "enisaIdVendor": [
      {
        "id": "a6f910be-fa47-30c0-a74b-1f8b5222a58d",
        "vendor": {
          "name": "Mitsubishi Electric Corporation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2d243dfb-e9c0-385f-9dcf-833ca8496b07",
        "product": {
          "name": "MELSEC iQ-R series"
        },
        "product_version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before"
      }
    ]
  }
]

Source	Link
mitsubishielectric	www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf
mitsubishielectric	www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf
jvn	www.jvn.jp/vu/JVNVU92513419/index.html
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

9.2High risk

Vulners AI Score9.2

CVSS 3.19.8

CVSS 27.5

EPSS0.00749