Buffer Overflow Vulnerability in MELSEC iQ-R Series by Mitsubishi Electric
CVE-2020-5653

9.8CRITICAL

Key Information:

Vendor
Mitsubishi Electric Corporation
Status
Melsec Iq-r Series
Vendor
CVE Published:
2 November 2020

Summary

A buffer overflow vulnerability exists in the TCP/IP function of the MELSEC iQ-R series firmware, which could allow remote unauthenticated attackers to disrupt network operations or execute arbitrary code through specially crafted network packets. This vulnerability affects several modules within the series based on their serial number. Users of affected products are advised to implement appropriate security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before

References

https://www.mitsubishielectric.co.jp/psirt/vulnerability/...
x_refsource_MISC
https://www.mitsubishielectric.com/en/psirt/vulnerability...
x_refsource_MISC
https://jvn.jp/vu/JVNVU92513419/index.html
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.