7.8
CVE-2020-13238
- EPSS 0.3%
- Veröffentlicht 10.06.2020 20:15:14
- Zuletzt bearbeitet 21.11.2024 05:00:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mitsubishielectric ≫ Melsec Iq-r00cpu Firmware Version <= 7
Mitsubishielectric ≫ Melsec Iq-r01cpu Firmware Version <= 7
Mitsubishielectric ≫ Melsec Iq-r02cpu Firmware Version <= 7
Mitsubishielectric ≫ Melsec Iq-r04cpu Firmware Version <= 39
Mitsubishielectric ≫ Melsec Iq-r08cpu Firmware Version <= 39
Mitsubishielectric ≫ Melsec Iq-r16cpu Firmware Version <= 39
Mitsubishielectric ≫ Melsec Iq-r32cpu Firmware Version <= 39
Mitsubishielectric ≫ Melsec Iq-r120cpu Firmware Version <= 39
Mitsubishielectric ≫ Melsec Iq-r08fcpu Firmware Version <= 20
Mitsubishielectric ≫ Melsec Iq-r16fcpu Firmware Version <= 20
Mitsubishielectric ≫ Melsec Iq-r32fcpu Firmware Version <= 20
Mitsubishielectric ≫ Melsec Iq-r120fcpu Firmware Version <= 20
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.531 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.