CVE-2020-5652

Published: Nov 2, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .

Affected (51)

Mitsubishielectric

51 products

Melsec Q Q04udpvcpu Firmware

Melsec Q Q06udpvcpu Firmware

Melsec Q Q13udpvcpu Firmware

Melsec Q Q26udpvcpu Firmware

Melsec Q Q03udvcpu Firmware

Melsec Q Q04udvcpu Firmware

Melsec Q Q13udvcpu Firmware

Melsec Q Q26udvcpu Firmware

Melsec Q Q03udecpu Firmware

Melsec Q Q04udehcpu Firmware

Melsec Q Q06udehcpu Firmware

Melsec Q Q10udehcpu Firmware

Melsec Q Q13udehcpu Firmware

Melsec Q Q20udehcpu Firmware

Melsec Q Q26udehcpu Firmware

Melsec Q Q50udehcpu Firmware

Melsec Q Q100udehcpu Firmware

Melsec Iq R08sfcpu Firmware

Melsec Iq R16sfcpu Firmware

Melsec Iq R32sfcpu Firmware

Melsec Iq R120sfcpu Firmware

Melsec Iq R04encpu Firmware

Melsec Iq R08encpu Firmware

Melsec Iq R16encpu Firmware

Melsec Iq R32encpu Firmware

Melsec Iq R120encpu Firmware

Melsec Iq R00cpu Firmware

Melsec Iq R01cpu Firmware

Melsec Iq R02cpu Firmware

Melsec Iq R08pcpu Firmware

Melsec Iq R08psfcpu Firmware

Melsec Iq R120pcpu Firmware

Melsec Iq R120psfcpu Firmware

Melsec Iq R16mtcpu Firmware

Melsec Iq R16pcpu Firmware

Melsec Iq R16psfcpu Firmware

Melsec Iq R32mtcpu Firmware

Melsec Iq R32pcpu Firmware

Melsec Iq R32psfcpu Firmware

Melsec Iq R64mtcpu Firmware

Melsec L02cpu P Firmware

Melsec L06cpu P Firmware

Melsec L26cpu P Firmware

Melsec L26cpu Pbt Firmware

Melsec Q Q170mcpu Firmware

Melsec Q Q170mscpu S1 Firmware

Melsec Q Q172dcpu S1 Firmware

Melsec Q Q172dscpu Firmware

Melsec Q Q173dcpu S1 Firmware

Melsec Q Q173dscpu Firmware

Melsec Q Qmr Mq100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q04udpvcpu Firmware	Version 22031

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q04udpvcpu	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q06udpvcpu Firmware	Version 22031

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q06udpvcpu	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q13udpvcpu Firmware	Version 22031

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q13udpvcpu	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q26udpvcpu Firmware	Version 22031

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q26udpvcpu	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q03udvcpu Firmware	Version 22031

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q03udvcpu	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q04udvcpu Firmware	Version 22031

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q04udvcpu	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q13udvcpu Firmware	Version 22031

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q13udvcpu	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q26udvcpu Firmware	Version 22031

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q26udvcpu	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q03udecpu Firmware	Version 22081

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q03udecpu	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q04udehcpu Firmware	Version 22081

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q04udehcpu	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q06udehcpu Firmware	Version 22081

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q06udehcpu	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q10udehcpu Firmware	Version 22081

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q10udehcpu	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q13udehcpu Firmware	Version 22081

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q13udehcpu	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q20udehcpu Firmware	Version 22081

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q20udehcpu	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q26udehcpu Firmware	Version 22081

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q26udehcpu	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q50udehcpu Firmware	Version 22081

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q50udehcpu	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q100udehcpu Firmware	Version 22081

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q100udehcpu	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R08sfcpu Firmware	Version 22

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R08sfcpu	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R16sfcpu Firmware	Version 22

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R16sfcpu	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R32sfcpu Firmware	Version 22

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R32sfcpu	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R120sfcpu Firmware	Version 22

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R120sfcpu	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R04encpu Firmware	Version 52

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R04encpu	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R08encpu Firmware	Version 52

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R08encpu	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R16encpu Firmware	Version 52

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R16encpu	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R32encpu Firmware	Version 52

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R32encpu	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R120encpu Firmware	Version 52

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R120encpu	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R00cpu Firmware	Version 20

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R00cpu	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R01cpu Firmware	Version 20

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R01cpu	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R02cpu Firmware	Version 20

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R02cpu	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R08pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R08pcpu	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R08psfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R08psfcpu	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R120pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R120pcpu	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R120psfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R120psfcpu	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R16mtcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R16mtcpu	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R16pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R16pcpu	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R16psfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R16psfcpu	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R32mtcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R32mtcpu	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R32pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R32pcpu	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R32psfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R32psfcpu	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Iq R64mtcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Iq R64mtcpu	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec L02cpu P Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec L02cpu P	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec L06cpu P Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec L06cpu P	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec L26cpu P Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec L26cpu P	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec L26cpu Pbt Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec L26cpu Pbt	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q170mcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q170mcpu	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q170mscpu S1 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q170mscpu S1	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q172dcpu S1 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q172dcpu S1	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q172dscpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q172dscpu	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q173dcpu S1 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q173dcpu S1	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Q173dscpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Q173dscpu	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric Melsec Q Qmr Mq100 Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric Melsec Q Qmr Mq100	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

https://jvn.jp/vu/JVNVU96558207/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdf

Source: vultures@jpcert.or.jp

Vendor Advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdf

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/vu/JVNVU96558207/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.