CVE-2020-5527 : When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R serie

When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.

Published 2020-03-30 08:15:18

Updated 2020-04-07 13:49:39

Source JPCERT/CC

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-5527

Mitsubishielectric » L26cpu-bt Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:l26cpu-bt_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » L26cpu-bt » Version: N/A
Mitsubishielectric » L26cpu-pbt Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:l26cpu-pbt_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » L26cpu-pbt » Version: N/A
Mitsubishielectric » Q24dhccpu-v Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q24dhccpu-v_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q24dhccpu-v » Version: N/A
Mitsubishielectric » R00cpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r00cpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R00cpu » Version: N/A
Mitsubishielectric » R01cpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r01cpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R01cpu » Version: N/A
Mitsubishielectric » R02cpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r02cpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R02cpu » Version: N/A
Mitsubishielectric » R04cpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r04cpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R04cpu » Version: N/A
Mitsubishielectric » R08cpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r08cpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R08cpu » Version: N/A
Mitsubishielectric » R16cpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r16cpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R16cpu » Version: N/A
Mitsubishielectric » R32cpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r32cpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R32cpu » Version: N/A
Mitsubishielectric » R120cpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r120cpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R120cpu » Version: N/A
Mitsubishielectric » Cr800-q Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:cr800-q_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Cr800-q » Version: N/A
Mitsubishielectric » Fx3g Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:fx3g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Fx3g » Version: N/A
Mitsubishielectric » Fx3gc Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:fx3gc_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Fx3gc » Version: N/A
Mitsubishielectric » Fx3s Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:fx3s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Fx3s » Version: N/A
Mitsubishielectric » Fx3u Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:fx3u_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Fx3u » Version: N/A
Mitsubishielectric » Fx3uc Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:fx3uc_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Fx3uc » Version: N/A
Mitsubishielectric » Fx5u Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:fx5u_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Fx5u » Version: N/A
Mitsubishielectric » Fx5uc Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Fx5uc » Version: N/A
Mitsubishielectric » Fx5uj Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Fx5uj » Version: N/A
Mitsubishielectric » L02cpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:l02cpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » L02cpu » Version: N/A
Mitsubishielectric » L02cpu-p Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:l02cpu-p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » L02cpu-p » Version: N/A
Mitsubishielectric » L02scpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:l02scpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » L02scpu » Version: N/A
Mitsubishielectric » L02scpu-p Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:l02scpu-p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » L02scpu-p » Version: N/A
Mitsubishielectric » L06cpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:l06cpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » L06cpu » Version: N/A
Mitsubishielectric » L06cpu-p Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:l06cpu-p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » L06cpu-p » Version: N/A
Mitsubishielectric » L26cpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:l26cpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » L26cpu » Version: N/A
Mitsubishielectric » L26cpu-p Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:l26cpu-p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » L26cpu-p » Version: N/A
Mitsubishielectric » Q02phcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q02phcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q02phcpu » Version: N/A
Mitsubishielectric » Q06phcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q06phcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q06phcpu » Version: N/A
Mitsubishielectric » Q12dccpu-v Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q12dccpu-v_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q12dccpu-v » Version: N/A
Mitsubishielectric » Q12phcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q12phcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q12phcpu » Version: N/A
Mitsubishielectric » Q12prhcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q12prhcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q12prhcpu » Version: N/A
Mitsubishielectric » Q172dscpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q172dscpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q172dscpu » Version: N/A
Mitsubishielectric » Q173dscpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q173dscpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q173dscpu » Version: N/A
Mitsubishielectric » Q173nccpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q173nccpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q173nccpu » Version: N/A
Mitsubishielectric » Q24dhccpu-ls Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q24dhccpu-ls_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q24dhccpu-ls » Version: N/A
Mitsubishielectric » Q24dhccpu-vg2 Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q24dhccpu-vg2_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q24dhccpu-vg2 » Version: N/A
Mitsubishielectric » Q25phcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q25phcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q25phcpu » Version: N/A
Mitsubishielectric » Q25prhcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q25prhcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q25prhcpu » Version: N/A
Mitsubishielectric » Q26dhccpu-ls Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:q26dhccpu-ls_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Q26dhccpu-ls » Version: N/A
Mitsubishielectric » R04encpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r04encpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R04encpu » Version: N/A
Mitsubishielectric » R08encpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r08encpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R08encpu » Version: N/A
Mitsubishielectric » R120encpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r120encpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R120encpu » Version: N/A
Mitsubishielectric » R16encpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r16encpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R16encpu » Version: N/A
Mitsubishielectric » R32encpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:r32encpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » R32encpu » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-5527

EPSS FAQ

0.47%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 62 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-5527

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-5527

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-5527

https://jvn.jp/en/vu/JVNVU91553662/index.html

JVNVU#91553662: Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port
Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf

MITSUBISHI ELECTRIC Global website
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-5527

Products affected by CVE-2020-5527

Exploit prediction scoring system (EPSS) score for CVE-2020-5527

CVSS scores for CVE-2020-5527

CWE ids for CVE-2020-5527

References for CVE-2020-5527