Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_MITSUBISHI_CVE-2020-5544.NASLHistoryFeb 07, 2022 - 12:00 a.m.
Mitsubishi IU1 NULL Pointer Dereference (CVE-2020-5544)
2022-02-0700:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
mitsubishi
iu1
firmware
vulnerability
remote attackers
network functions
execute malware
Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500543);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/13");
script_cve_id("CVE-2020-5544");
script_name(english:"Mitsubishi IU1 NULL Pointer Dereference (CVE-2020-5544)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series
IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware
via a specially crafted packet.
This plugin only works with Tenable.ot. Please visit
https://www.tenable.com/products/tenable-ot for more information.");
# https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0b436e5e");
script_set_attribute(attribute:"see_also", value:"https://jvn.jp/en/vu/JVNVU92370624/index.html");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5544");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(476);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/16");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:iu1-1m20-d_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Mitsubishi");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Mitsubishi');
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');
var vuln_cpes = {
"cpe:/o:mitsubishielectric:iu1-1m20-d_firmware" :
{"versionEndIncluding" : "1.0.7", "family" : "Mitsubishi"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Related
prion
prion
Null pointer dereference
2020-03-16 02:15:00
cvelist
cvelist
CVE-2020-5544
2020-03-16 01:25:48
nvd
nvd
CVE-2020-5544
2020-03-16 02:15:10
cve
cve
CVE-2020-5544
2020-03-16 02:15:10
AI Score
9.6
Confidence
High
EPSS
0.012
Percentile
85.5%
Related for TENABLE_OT_MITSUBISHI_CVE-2020-5544.NASL