CVE-2020-5652 Information

Description

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R Q and L series CPU modules (R 00/01/02 CPU firmware versions ‘20’ and earlier R 04/08/16/32/120 (EN) CPU firmware versions ‘52’ and earlier R 08/16/32/120 SFCPU firmware versions ‘22’ and earlier R 08/16/32/120 PCPU all versions R 08/16/32/120 PSFCPU all versions R 16/32/64 MTCPU all versions Q03 UDECPU Q 04/06/10/13/20/26/50/100 UDEHCPU serial number ‘22081’ and earlier Q 03/04/06/13/26 UDVCPU serial number ‘22031’ and earlier Q 04/06/13/26 UDPVCPU serial number ‘22031’ and earlier Q 172/173 DCPU all versions Q 172/173 DSCPU all versions Q 170 MCPU all versions Q 170 MSCPU all versions L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet which may lead to a denial of service (DoS) condition .

Reference

https://jvn.jp/vu/JVNVU96558207/index.html https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdf https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdf