CVE-2020-16850

Published: Nov 30, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.

Affected (19)

Products: Mitsubishielectric: R00cpu Firmware, R01cpu Firmware, R02cpu Firmware, R04cpu Firmware, R08cpu Firmware, R16cpu Firmware, R32cpu Firmware, R120cpu Firmware, R08sfcpu Firmware, R16sfcpu Firmware, R32sfcpu Firmware, R120sfcpu Firmware, R08pcpu Firmware, R16pcpu Firmware, R32pcpu Firmware, R120pcpu Firmware, R16mtcpu Firmware, R32mtcpu Firmware, R64mtcpu Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R00cpu Firmware	Up to 20

Running on/with	Platform Versions
Mitsubishielectric R00cpu	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R01cpu Firmware	Up to 20

Running on/with	Platform Versions
Mitsubishielectric R01cpu	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R02cpu Firmware	Up to 20

Running on/with	Platform Versions
Mitsubishielectric R02cpu	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R04cpu Firmware	Up to 52

Running on/with	Platform Versions
Mitsubishielectric R04cpu	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R08cpu Firmware	Up to 52

Running on/with	Platform Versions
Mitsubishielectric R08cpu	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R16cpu Firmware	Up to 52

Running on/with	Platform Versions
Mitsubishielectric R16cpu	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R32cpu Firmware	Up to 52

Running on/with	Platform Versions
Mitsubishielectric R32cpu	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R120cpu Firmware	Up to 52

Running on/with	Platform Versions
Mitsubishielectric R120cpu	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R08sfcpu Firmware	Up to 22

Running on/with	Platform Versions
Mitsubishielectric R08sfcpu	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R16sfcpu Firmware	Up to 22

Running on/with	Platform Versions
Mitsubishielectric R16sfcpu	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R32sfcpu Firmware	Up to 22

Running on/with	Platform Versions
Mitsubishielectric R32sfcpu	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R120sfcpu Firmware	Up to 22

Running on/with	Platform Versions
Mitsubishielectric R120sfcpu	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R08pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R08pcpu	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R16pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R16pcpu	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R32pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R32pcpu	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R120pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R120pcpu	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R16mtcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R16mtcpu	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R32mtcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R32mtcpu	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R64mtcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R64mtcpu	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series

Source: cve@mitre.org

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.