CVE-2021-20610 Information
Description
Improper Handling of Length Parameter Inconsistency vulnerability in the products listed below allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Affected products:
MELSEC iQ-R Series R00/01/02CPU: Firmware versions "24" and prior
MELSEC iQ-R Series R04/08/16/32/120(EN)CPU: Firmware versions "57" and prior
MELSEC iQ-R Series R08/16/32/120SFCPU: All versions
MELSEC iQ-R Series R08/16/32/120PCPU: Firmware versions "29" and prior
MELSEC iQ-R Series R08/16/32/120PSFCPU: Firmware versions "08" and prior
MELSEC iQ-R Series R16/32/64MTCPU: Operating system software version "23" and prior
MELSEC iQ-R Series R12CCPU-V: All versions
MELSEC Q Series Q03UDECPU: The first 5 digits of serial No. "23121" and prior
MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU: The first 5 digits of serial No. "23121" and prior
MELSEC Q Series Q03/04/06/13/26UDVCPU: The first 5 digits of serial No. "23071" and prior
MELSEC Q Series Q04/06/13/26UDPVCPU: The first 5 digits of serial No. "23071" and prior
MELSEC Q Series Q12DCCPU-V: The first 5 digits of serial No. "24031" and prior
MELSEC Q Series Q24DHCCPU-V(G): The first 5 digits of serial No. "24031" and prior
MELSEC Q Series Q24/26DHCCPU-LS: The first 5 digits of serial No. "24031" and prior
MELSEC Q Series MR-MQ100: Operating system software version "F" and prior
MELSEC Q Series Q172/173DCPU-S1: Operating system software version "W" and prior
MELSEC Q Series Q172/173DSCPU: All versions
MELSEC Q Series Q170MCPU: Operating system software version "W" and prior
MELSEC Q Series Q170MSCPU(-S1): All versions
MELSEC L Series L02/06/26CPU(-P): The first 5 digits of serial No. "23121" and prior
MELSEC L Series L26CPU-(P)BT: The first 5 digits of serial No. "23121" and prior
MELIPC Series MI5122-VW: All versions
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
https://jvn.jp/vu/JVNVU94434051/index.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
7.5
Base Severity
HIGH