CVE-2020-5668

Published: Nov 20, 2020
Last Modified: Nov 21, 2024
EU-VD ID: EUVD-2020-26829
Aliases: GSD-2020-5668
CVSS v3: HIGH 7.5
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
CVSS v2: HIGH 7.8
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: complete

Description

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, and RJ71GN11-T2 firmware version '11' and earlier) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the unit by receiving a specially crafted SLMP packet.

EPSS (Exploit Prediction Scoring System)


Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.

EPSS Score: 0.0312
Percentile: 0.9th

CWE-400: Uncontrolled Resource Consumption

Draft
Common Consequences
Security Scopes Affected: Availability; Access Control; Other
Potential Impacts: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Resource Consumption (Other); Bypass Protection Mechanism; Other
Applicable Platforms
All platforms may be affected
Operating System
Common Platform Enumeration - Standardized vulnerability identification

R32SFCPU Firmware by Mitsubishi Electric
Version Range Affected: To 22 (inclusive)
cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*

R04CPU Firmware by Mitsubishi Electric
Version Range Affected: To 51 (inclusive)
cpe:2.3:o:mitsubishielectric:r04cpu_firmware:*:*:*:*:*:*:*:*

R16PCPU Firmware by Mitsubishi Electric
Version Range Affected: To 25 (inclusive)
cpe:2.3:o:mitsubishielectric:r16pcpu_firmware:*:*:*:*:*:*:*:*

R08PSFCPU Firmware by Mitsubishi Electric
Version Range Affected: To 06 (inclusive)
cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*

R120SFCPU Firmware by Mitsubishi Electric
Version Range Affected: To 22 (inclusive)
cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*

RJ71GF11-T2 Firmware by Mitsubishi Electric
Version Range Affected: To 47 (inclusive)
cpe:2.3:o:mitsubishielectric:rj71gf11-t2_firmware:*:*:*:*:*:*:*:*

RJ71GN11-T2 Firmware by Mitsubishi Electric
Version Range Affected: To 11 (inclusive)
cpe:2.3:o:mitsubishielectric:rj71gn11-t2_firmware:*:*:*:*:*:*:*:*

RJ71C24-R4 Firmware by Mitsubishi Electric
Version Range Affected: To 47 (inclusive)
cpe:2.3:o:mitsubishielectric:rj71c24-r4_firmware:*:*:*:*:*:*:*:*

R00CPU Firmware by Mitsubishi Electric
Version Range Affected: To 19 (inclusive)
cpe:2.3:o:mitsubishielectric:r00cpu_firmware:*:*:*:*:*:*:*:*

R16PSFCPU Firmware by Mitsubishi Electric
Version Range Affected: To 06 (inclusive)
cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*

R16SFCPU Firmware by Mitsubishi Electric
Version Range Affected: To 22 (inclusive)
cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*

RJ71GP21-SX Firmware by Mitsubishi Electric
Version Range Affected: To 47 (inclusive)
cpe:2.3:o:mitsubishielectric:rj71gp21-sx_firmware:*:*:*:*:*:*:*:*

R120PCPU Firmware by Mitsubishi Electric
Version Range Affected: To 25 (inclusive)
cpe:2.3:o:mitsubishielectric:r120pcpu_firmware:*:*:*:*:*:*:*:*

RJ72GF15-T2 Firmware by Mitsubishi Electric
Version Range Affected: To 07 (inclusive)
cpe:2.3:o:mitsubishielectric:rj72gf15-t2_firmware:*:*:*:*:*:*:*:*

R32PCPU Firmware by Mitsubishi Electric
Version Range Affected: To 25 (inclusive)
cpe:2.3:o:mitsubishielectric:r32pcpu_firmware:*:*:*:*:*:*:*:*

R120PSFCPU Firmware by Mitsubishi Electric
Version Range Affected: To 06 (inclusive)
cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*

R08CPU Firmware by Mitsubishi Electric
Version Range Affected: To 51 (inclusive)
cpe:2.3:o:mitsubishielectric:r08cpu_firmware:*:*:*:*:*:*:*:*

R32CPU Firmware by Mitsubishi Electric
Version Range Affected: To 51 (inclusive)
cpe:2.3:o:mitsubishielectric:r32cpu_firmware:*:*:*:*:*:*:*:*

R32PSFCPU Firmware by Mitsubishi Electric
Version Range Affected: To 06 (inclusive)
cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*

R120CPU Firmware by Mitsubishi Electric
Version Range Affected: To 51 (inclusive)
cpe:2.3:o:mitsubishielectric:r120cpu_firmware:*:*:*:*:*:*:*:*

R16CPU Firmware by Mitsubishi Electric
Version Range Affected: To 51 (inclusive)
cpe:2.3:o:mitsubishielectric:r16cpu_firmware:*:*:*:*:*:*:*:*

RJ71EN71 Firmware by Mitsubishi Electric
Version Range Affected: To 47 (inclusive)
cpe:2.3:o:mitsubishielectric:rj71en71_firmware:*:*:*:*:*:*:*:*

R01CPU Firmware by Mitsubishi Electric
Version Range Affected: To 19 (inclusive)
cpe:2.3:o:mitsubishielectric:r01cpu_firmware:*:*:*:*:*:*:*:*

RJ71C24-R2 Firmware by Mitsubishi Electric
Version Range Affected: To 47 (inclusive)
cpe:2.3:o:mitsubishielectric:rj71c24-r2_firmware:*:*:*:*:*:*:*:*

R08SFCPU Firmware by Mitsubishi Electric
Version Range Affected: To 22 (inclusive)
cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*

RJ71GP21S-SX Firmware by Mitsubishi Electric
Version Range Affected: To 47 (inclusive)
cpe:2.3:o:mitsubishielectric:rj71gp21s-sx_firmware:*:*:*:*:*:*:*:*

R08PCPU Firmware by Mitsubishi Electric
Version Range Affected: To 25 (inclusive)
cpe:2.3:o:mitsubishielectric:r08pcpu_firmware:*:*:*:*:*:*:*:*

R02CPU Firmware by Mitsubishi Electric
Version Range Affected: To 19 (inclusive)
cpe:2.3:o:mitsubishielectric:r02cpu_firmware:*:*:*:*:*:*:*:*

https://jvn.jp/vu/JVNVU95980140/index.html
https://us-cert.cisa.gov/ics/advisories/icsa-20-324-05 (Third Party Advisory, US Government Resource)
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-016.pdf
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-016_en.pdf