CVE-2020-5658 Information

Feb 14, 2021 cve

Description

Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ‘02’ or before RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ‘01’ or before RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ‘08’ or before RD81MES96N MES Interface Module First 2 digits of serial number are ‘04’ or before and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ‘04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://jvn.jp/vu/JVNVU92513419/index.html https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5

Share on: