ID: ICSA-20-303-02
Type: ics
Reporter: Industrial Control Systems Cyber Emergency Response Team
Published: 2020-10-29T00:00:00
Modified: 2020-10-30T00:00:00
Description
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R
Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, Resource Management Errors
2. RISK EVALUATION
Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following modules of MELSEC iQ-R Series are affected:
EtherNet/IP Network Interface Module, RJ71EIP91: First 2 digits of serial number are 02 or before
PROFINET IO Controller Module, RJ71PN92: First 2 digits of serial number are 01 or before
High Speed Data Logger Module, RD81DL96: First 2 digits of serial number are 08 or before
MES Interface Module, RD81MES96N: First 2 digits of serial number are 04 or before
OPC UA Server Module, RD81OPC96: First 2 digits of serial number are 04 or before
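The serial-number criteria listed above can be applied to an asset inventory as follows. This is an added example, not code from CISA or Mitsubishi Electric; the CSV layout, asset names and serial numbers are constructed, and it assumes each serial number is recorded starting with its two leading digits.

```python
import csv
import io
import re

# Affected modules from section 3.1: model -> highest affected value of the
# first two serial-number digits ("NN or before").
AFFECTED_MAX_PREFIX = {
    "RJ71EIP91": 2,   # EtherNet/IP Network Interface Module
    "RJ71PN92": 1,    # PROFINET IO Controller Module
    "RD81DL96": 8,    # High Speed Data Logger Module
    "RD81MES96N": 4,  # MES Interface Module
    "RD81OPC96": 4,   # OPC UA Server Module
}

# Constructed sample inventory (hypothetical asset names and serial numbers).
SAMPLE_INVENTORY = """asset,model,serial
line1-eip,RJ71EIP91,02A1234567
line2-eip,rj71eip91,03B7654321
packing-pn,RJ71PN92,01C0000001
logger-a,RD81DL96,09D1111111
mes-gw,RD81MES96N,04E2222222
opc-1,RD81OPC96,
plc-cpu,R04CPU,01F3333333
"""

# Review order: confirmed exposure first, then records needing a manual look.
STATUS_ORDER = {
    "affected": 0,
    "check-manually": 1,
    "outside-affected-range": 2,
    "not-listed": 3,
}


def classify(model, serial):
    """Classify one module against the advisory's serial-number ranges."""
    model = model.strip().upper()
    if model not in AFFECTED_MAX_PREFIX:
        return "not-listed"
    # Assumption: the serial starts with two decimal digits. Anything else
    # (blank, truncated, mistyped) cannot be ruled out and is flagged.
    match = re.match(r"\s*(\d{2})", serial)
    if not match:
        return "check-manually"
    if int(match.group(1)) <= AFFECTED_MAX_PREFIX[model]:
        return "affected"
    return "outside-affected-range"


def triage(inventory_csv):
    """Return inventory rows with a status, most urgent first."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row.get("model") or ""
        serial = row.get("serial") or ""
        results.append({
            "asset": row.get("asset") or "",
            "model": model.strip().upper(),
            "serial": serial.strip(),
            "status": classify(model, serial),
        })
    # sorted() is stable, so inventory order is kept within each status.
    return sorted(results, key=lambda r: STATUS_ORDER[r["status"]])


if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        print(f'{r["status"]:<24}{r["asset"]:<12}{r["model"]:<12}{r["serial"]}')
```

Modules reported as check-manually have a listed model but no usable serial number, so they should be treated as potentially affected until the nameplate is read.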
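3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
CVE-2020-5653 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.2 SESSION FIXATION CWE-384
An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
CVE-2020-5654 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
3.2.3 NULL POINTER DEREFERENCE CWE-476
An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
CVE-2020-5655 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
3.2.4 IMPROPER ACCESS CONTROL CWE-284
An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
CVE-2020-5656 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.5 IMPROPER NEUTRALIZATION OF ARGUMENT DELIMITERS IN A COMMAND ('ARGUMENT INJECTION') CWE-88
An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
CVE-2020-5657 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).
3.2.6 RESOURCE MANAGEMENT ERRORS CWE-399
An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
CVE-2020-5658 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Japan
4. MITIGATIONS
Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploiting these vulnerabilities: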
Block access from untrusted networks and hosts through firewalls.
Please refer to Mitsubishi Electric’s website (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf) for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
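CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices (https://www.us-cert.cisa.gov/ics/recommended-practices) on the ICS webpage on us-cert.cisa.gov (https://www.us-cert.cisa.gov/ics). Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies (https://www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf).
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies (https://www.us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B).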
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
Contact Information
For any questions related to this report, please contact the CISA at:
Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870
For industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics
or incident reporting: https://us-cert.cisa.gov/report