Improper Length Parameter Handling in Mitsubishi Electric FA Engineering Software
CVE-2021-20588
9.8CRITICAL
Key Information:
- Status
- Vendor
- CVE Published:
- 19 February 2021
What is CVE-2021-20588?
An improper handling of length parameter inconsistency in Mitsubishi Electric FA Engineering Software allows remote, unauthenticated attackers to create a denial of service (DoS) condition. By spoofing responses from MELSEC, GOT, or FREQROL devices and sending crafted reply packets, an attacker may disrupt service and potentially execute malicious code on the victim's machine, even though exploitation has not been consistently demonstrated.
Affected Version(s)
FA Engineering Software CPU Module Logging Configuration Tool versions 1.112R and prior
FA Engineering Software CW Configurator versions 1.011M and prior
FA Engineering Software Data Transfer versions 3.44W and prior