CVE-2020-5668

EPSS 3.12%
Veröffentlicht 20.11.2020 04:15:11
Zuletzt bearbeitet 21.11.2024 05:34:27
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, and RJ71GN11-T2 firmware version '11' and earlier) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the unit by receiving a specially crafted SLMP packet

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mitsubishielectric ≫ R00cpu Firmware Version <= 19

Mitsubishielectric ≫ R00cpu Version-

Mitsubishielectric ≫ R01cpu Firmware Version <= 19

Mitsubishielectric ≫ R01cpu Version-

Mitsubishielectric ≫ R02cpu Firmware Version <= 19

Mitsubishielectric ≫ R02cpu Version-

Mitsubishielectric ≫ R04cpu Firmware Version <= 51

Mitsubishielectric ≫ R04cpu Version-

Mitsubishielectric ≫ R08cpu Firmware Version <= 51

Mitsubishielectric ≫ R08cpu Version-

Mitsubishielectric ≫ R16cpu Firmware Version <= 51

Mitsubishielectric ≫ R16cpu Version-

Mitsubishielectric ≫ R32cpu Firmware Version <= 51

Mitsubishielectric ≫ R32cpu Version-

Mitsubishielectric ≫ R120cpu Firmware Version <= 51

Mitsubishielectric ≫ R120cpu Version-

Mitsubishielectric ≫ R08sfcpu Firmware Version <= 22

Mitsubishielectric ≫ R08sfcpu Version-

Mitsubishielectric ≫ R16sfcpu Firmware Version <= 22

Mitsubishielectric ≫ R16sfcpu Version-

Mitsubishielectric ≫ R32sfcpu Firmware Version <= 22

Mitsubishielectric ≫ R32sfcpu Version-

Mitsubishielectric ≫ R120sfcpu Firmware Version <= 22

Mitsubishielectric ≫ R120sfcpu Version-

Mitsubishielectric ≫ R08pcpu Firmware Version <= 25

Mitsubishielectric ≫ R08pcpu Version-

Mitsubishielectric ≫ R16pcpu Firmware Version <= 25

Mitsubishielectric ≫ R16pcpu Version-

Mitsubishielectric ≫ R32pcpu Firmware Version <= 25

Mitsubishielectric ≫ R32pcpu Version-

Mitsubishielectric ≫ R120pcpu Firmware Version <= 25

Mitsubishielectric ≫ R120pcpu Version-

Mitsubishielectric ≫ R08psfcpu Firmware Version <= 06

Mitsubishielectric ≫ R08psfcpu Version-

Mitsubishielectric ≫ R16psfcpu Firmware Version <= 06

Mitsubishielectric ≫ R16psfcpu Version-

Mitsubishielectric ≫ R32psfcpu Firmware Version <= 06

Mitsubishielectric ≫ R32psfcpu Version-

Mitsubishielectric ≫ R120psfcpu Firmware Version <= 06

Mitsubishielectric ≫ R120psfcpu Version-

Mitsubishielectric ≫ Rj71en71 Firmware Version <= 47

Mitsubishielectric ≫ Rj71en71 Version-

Mitsubishielectric ≫ Rj71gf11-t2 Firmware Version <= 47

Mitsubishielectric ≫ Rj71gf11-t2 Version-

Mitsubishielectric ≫ Rj72gf15-t2 Firmware Version <= 07

Mitsubishielectric ≫ Rj72gf15-t2 Version-

Mitsubishielectric ≫ Rj71gp21-sx Firmware Version <= 47

Mitsubishielectric ≫ Rj71gp21-sx Version-

Mitsubishielectric ≫ Rj71gp21s-sx Firmware Version <= 47

Mitsubishielectric ≫ Rj71gp21s-sx Version-

Mitsubishielectric ≫ Rj71c24-r2 Firmware Version <= 47

Mitsubishielectric ≫ Rj71c24-r2 Version-

Mitsubishielectric ≫ Rj71c24-r4 Firmware Version <= 47

Mitsubishielectric ≫ Rj71c24-r4 Version-

Mitsubishielectric ≫ Rj71gn11-t2 Firmware Version <= 11

Mitsubishielectric ≫ Rj71gn11-t2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.12%	0.863

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://jvn.jp/vu/JVNVU95980140/index.html

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-324-05

Third Party Advisory

US Government Resource

https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-016.pdf

Vendor Advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-016_en.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5668

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5668