Resource Management Errors in MELSEC iQ-R Series & PROFINET Products
CVE-2020-5658

7.5HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melsec Iq-r Series
Vendor
CVE Published:
2 November 2020

What is CVE-2020-5658?

The resource management errors present in the TCP/IP function of the Mitsubishi MELSEC iQ-R series firmware allow remote unauthenticated attackers to disrupt the network functionality of affected products. Upon sending a specially crafted packet, the vulnerabilities can cause operational impairment in the connected systems. This presents significant risks for enterprises relying on these modules for critical network functions.

Affected Version(s)

MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before

References

https://www.mitsubishielectric.co.jp/psirt/vulnerability/...
x_refsource_MISC
https://www.mitsubishielectric.com/en/psirt/vulnerability...
x_refsource_MISC
https://jvn.jp/vu/JVNVU92513419/index.html
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2020-5658 : Resource Management Errors in MELSEC iQ-R Series & PROFINET Products