Resource Management Errors in MELSEC iQ-R Series & PROFINET Products
CVE-2020-5658

7.5HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melsec Iq-r Series
Vendor
CVE Published:
2 November 2020

What is CVE-2020-5658?

The resource management errors present in the TCP/IP function of the Mitsubishi MELSEC iQ-R series firmware allow remote unauthenticated attackers to disrupt the network functionality of affected products. Upon sending a specially crafted packet, the vulnerabilities can cause operational impairment in the connected systems. This presents significant risks for enterprises relying on these modules for critical network functions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before

References

https://www.mitsubishielectric.co.jp/psirt/vulnerability/...
x_refsource_MISC
https://www.mitsubishielectric.com/en/psirt/vulnerability...
x_refsource_MISC
https://jvn.jp/vu/JVNVU92513419/index.html
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.