7.5
CVE-2020-5666
- EPSS 8.4%
- Veröffentlicht 16.11.2020 01:15:13
- Zuletzt bearbeitet 21.11.2024 05:34:26
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginUncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mitsubishielectric ≫ Melsec Iq-r00 Firmware Version >= 05 <= 19
Mitsubishielectric ≫ Melsec Iq-r01 Firmware Version >= 05 <= 19
Mitsubishielectric ≫ Melsec Iq-r02 Firmware Version >= 05 <= 19
Mitsubishielectric ≫ Melsec Iq-r04 Firmware Version >= 35 <= 51
Mitsubishielectric ≫ Melsec Iq-r16 Firmware Version >= 35 <= 51
Mitsubishielectric ≫ Melsec Iq-r08 Firmware Version >= 35 <= 51
Mitsubishielectric ≫ Melsec Iq-r32 Firmware Version >= 35 <= 51
Mitsubishielectric ≫ Melsec Iq-r120 Firmware Version >= 35 <= 51
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.4% | 0.943 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.1 | 8.6 | 6.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:C
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
https://jvn.jp/en/jp/JVN44764844/index.html
https://jvn.jp/jp/JVN44764844/index.html
https://us-cert.cisa.gov/ics/advisories/icsa-20-317-01
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-015_en.pdf