CVE-2020-5603

EPSS 0.49%
Veröffentlicht 30.06.2020 11:15:11
Zuletzt bearbeitet 21.11.2024 05:34:20
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mitsubishielectric ≫ Cpu Module Logging Configuration Tool Version <= 1.94y

Mitsubishielectric ≫ Cw Configurator Version <= 1.010l

Mitsubishielectric ≫ Em Configurator Version <= 1.010l

Mitsubishielectric ≫ Gt Designer3 Version <= 1.221f

Mitsubishielectric ≫ Gx Logviewer Version <= 1.100e

Mitsubishielectric ≫ Gx Works2 Version <= 1.590q

Mitsubishielectric ≫ Gx Works3 Version <= 1.060n

Mitsubishielectric ≫ M Commdtm-hart Version <= 1.01b

Mitsubishielectric ≫ M Commdtm-io-link Version <= 1.03d

Mitsubishielectric ≫ Melfa-works Version <= 4.4

Mitsubishielectric ≫ Melsec-l Flexible High-speed I/o Control Module Configuration Tool Version <= 1.005f

Mitsubishielectric ≫ Melsoft Fielddeviceconfigurator Version <= 1.04e

Mitsubishielectric ≫ Melsoft Iq Appportal Version <= 1.14q

Mitsubishielectric ≫ Melsoft Navigator Version <= 2.62q

Mitsubishielectric ≫ Mi Configurator Version <= 1.004e

Mitsubishielectric ≫ Motion Control Setting Version <= 1.006g

Mitsubishielectric ≫ Mr Configurator2 Version <= 1.100e

Mitsubishielectric ≫ Mt Works2 Version <= 1.160s

Mitsubishielectric ≫ Rt Toolbox2 Version <= 3.73b

Mitsubishielectric ≫ Rt Toolbox3 Version <= 1.60n

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.629

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://jvn.jp/en/vu/JVNVU90307594/index.html

Third Party Advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-004_en.pdf

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2020-5603

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5603

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5603

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-5603