Uncontrolled Resource Consumption in MELSEC iQ-R Series CPU Modules by Mitsubishi Electric
CVE-2020-5666

7.5HIGH

Key Information:

Vendor
Mitsubishi Electric Corporation
Status
Melsec Iq-r Series Cpu Modules
Vendor
CVE Published:
16 November 2020

Summary

A vulnerability in MELSEC iQ-R Series CPU Modules allows remote attackers to exploit uncontrolled resource consumption. By sending specially crafted HTTP packets, an attacker can induce errors in the CPU unit's functionality, potentially leading to denial-of-service conditions affecting the execution of programs and communications. This vulnerability impacts specific firmware versions across several models, emphasizing the importance of updating systems and implementing security measures to mitigate risks.

Affected Version(s)

MELSEC iQ-R Series CPU Modules R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51'

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
x_refsource_MISC
https://jvn.jp/jp/JVN44764844/index.html
x_refsource_MISC
https://jvn.jp/en/jp/JVN44764844/index.html
x_refsource_MISC

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.