CVE-2021-20591

Published: Jun 11, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.

Affected (20)

Products: Mitsubishielectric: R00cpu Firmware, R01cpu Firmware, R02cpu Firmware, R04cpu Firmware, R08cpu Firmware, R16cpu Firmware, R32cpu Firmware, R120cpu Firmware, R08sfcpu Firmware, R16sfcpu Firmware, R32sfcpu Firmware, R120sfcpu Firmware, R08pcpu Firmware, R16pcpu Firmware, R32pcpu Firmware, R120pcpu Firmware, R08psfcpu Firmware, R16psfcpu Firmware, R32psfcpu Firmware, R120psfcpu Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R00cpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R00cpu	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R01cpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R01cpu	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R02cpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R02cpu	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R04cpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R04cpu	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R08cpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R08cpu	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R16cpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R16cpu	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R32cpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R32cpu	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R120cpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R120cpu	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R08sfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R08sfcpu	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R16sfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R16sfcpu	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R32sfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R32sfcpu	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R120sfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R120sfcpu	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R08pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R08pcpu	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R16pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R16pcpu	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R32pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R32pcpu	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R120pcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R120pcpu	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R08psfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R08psfcpu	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R16psfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R16psfcpu	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R32psfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R32psfcpu	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mitsubishielectric R120psfcpu Firmware	All versions

Running on/with	Platform Versions
Mitsubishielectric R120psfcpu	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://jvn.jp/vu/JVNVU98060539/index.html

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Third Party Advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-003_en.pdf

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vendor Advisory

https://jvn.jp/vu/JVNVU98060539/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-003_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.