CVE-2021-20586 Information

Description

Resource management errors vulnerability in a robot controller of MELFA FR Series(controller \CR800-VD\ of RV-FR-D- all versions controller \CR800-HD\ of RH-FRH-D- all versions controller \CR800-HRD\ of RH-FRHR-D- all versions controller \CR800-VR with R16RTCPU\ of RV-FR-R- all versions controller \CR800-HR with R16RTCPU\ of RH-FRH-R- all versions controller \CR800-HRR with R16RTCPU\ of RH-FRHR-R- all versions controller \CR800-VQ with Q172DSRCPU\ of RV-FR-Q- all versions controller \CR800-HQ with Q172DSRCPU\ of RH-FRH-Q- all versions controller \CR800-HRQ with Q172DSRCPU\ of RH-FRHR-Q- all versions) and a robot controller of MELFA CR Series(controller \CR800-CVD\ of RV-8CRL-D- all versions controller \CR800-CHD\ of RH-CRH-D- all versions) as well as a cooperative robot ASSISTA(controller \CR800-05VD\ of RV-5AS-D- all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS an error may occur. A reset is required to recover it if the error occurs.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5