Lucene search

[email protected]NVD:CVE-2020-5666

HistoryNov 16, 2020 - 1:15 a.m.

CVE-2020-5666

2020-11-1601:15:13

CWE-400

[email protected]

web.nvd.nist.gov

resource consumption vulnerability

melsec iq-r

remote attacker

http packet

denial-of-service (dos) condition

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.009

Percentile

83.0%

JSON

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from ‘05’ to ‘19’ and R04/08/16/32/120(EN)CPU Firmware versions from ‘35’ to ‘51’) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.

Affected configurations

Nvd

Node

mitsubishielectricmelsec_iq-r00_firmwareRange05–19

AND

mitsubishielectricmelsec_iq-r00Match-

Node

mitsubishielectricmelsec_iq-r01_firmwareRange05–19

AND

mitsubishielectricmelsec_iq-r01Match-

Node

mitsubishielectricmelsec_iq-r02_firmwareRange05–19

AND

mitsubishielectricmelsec_iq-r02Match-

Node

mitsubishielectricmelsec_iq-r04_firmwareRange35–51

AND

mitsubishielectricmelsec_iq-r04Match-

Node

mitsubishielectricmelsec_iq-r16_firmwareRange35–51

AND

mitsubishielectricmelsec_iq-r16Match-

Node

mitsubishielectricmelsec_iq-r08_firmwareRange35–51

AND

mitsubishielectricmelsec_iq-r08Match-

Node

mitsubishielectricmelsec_iq-r32_firmwareRange35–51

AND

mitsubishielectricmelsec_iq-r32Match-

Node

mitsubishielectricmelsec_iq-r120_firmwareRange35–51

AND

mitsubishielectricmelsec_iq-r120Match-

VendorProductVersionCPE
mitsubishielectricmelsec_iq-r00_firmware*cpe:2.3:o:mitsubishielectric:melsec_iq-r00_firmware:*:*:*:*:*:*:*:*
mitsubishielectricmelsec_iq-r00-cpe:2.3:h:mitsubishielectric:melsec_iq-r00:-:*:*:*:*:*:*:*
mitsubishielectricmelsec_iq-r01_firmware*cpe:2.3:o:mitsubishielectric:melsec_iq-r01_firmware:*:*:*:*:*:*:*:*
mitsubishielectricmelsec_iq-r01-cpe:2.3:h:mitsubishielectric:melsec_iq-r01:-:*:*:*:*:*:*:*
mitsubishielectricmelsec_iq-r02_firmware*cpe:2.3:o:mitsubishielectric:melsec_iq-r02_firmware:*:*:*:*:*:*:*:*
mitsubishielectricmelsec_iq-r02-cpe:2.3:h:mitsubishielectric:melsec_iq-r02:-:*:*:*:*:*:*:*
mitsubishielectricmelsec_iq-r04_firmware*cpe:2.3:o:mitsubishielectric:melsec_iq-r04_firmware:*:*:*:*:*:*:*:*
mitsubishielectricmelsec_iq-r04-cpe:2.3:h:mitsubishielectric:melsec_iq-r04:-:*:*:*:*:*:*:*
mitsubishielectricmelsec_iq-r16_firmware*cpe:2.3:o:mitsubishielectric:melsec_iq-r16_firmware:*:*:*:*:*:*:*:*
mitsubishielectricmelsec_iq-r16-cpe:2.3:h:mitsubishielectric:melsec_iq-r16:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitsubishielectric	melsec_iq-r00_firmware	*	cpe:2.3:o:mitsubishielectric:melsec_iq-r00_firmware::::::::
mitsubishielectric	melsec_iq-r00	-	cpe:2.3:h:mitsubishielectric:melsec_iq-r00:-:::::::*
mitsubishielectric	melsec_iq-r01_firmware	*	cpe:2.3:o:mitsubishielectric:melsec_iq-r01_firmware::::::::
mitsubishielectric	melsec_iq-r01	-	cpe:2.3:h:mitsubishielectric:melsec_iq-r01:-:::::::*
mitsubishielectric	melsec_iq-r02_firmware	*	cpe:2.3:o:mitsubishielectric:melsec_iq-r02_firmware::::::::
mitsubishielectric	melsec_iq-r02	-	cpe:2.3:h:mitsubishielectric:melsec_iq-r02:-:::::::*
mitsubishielectric	melsec_iq-r04_firmware	*	cpe:2.3:o:mitsubishielectric:melsec_iq-r04_firmware::::::::
mitsubishielectric	melsec_iq-r04	-	cpe:2.3:h:mitsubishielectric:melsec_iq-r04:-:::::::*
mitsubishielectric	melsec_iq-r16_firmware	*	cpe:2.3:o:mitsubishielectric:melsec_iq-r16_firmware::::::::
mitsubishielectric	melsec_iq-r16	-	cpe:2.3:h:mitsubishielectric:melsec_iq-r16:-:::::::*

Rows per page:

1-10 of 161

References

jvn.jp/en/jp/JVN44764844/index.html

jvn.jp/jp/JVN44764844/index.html

us-cert.cisa.gov/ics/advisories/icsa-20-317-01

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-015_en.pdf

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.009

Percentile

83.0%

JSON

Related for NVD:CVE-2020-5666

nessus1 cve1 ics1 prion1 jvn1 cvelist1