CVE-2020-5652 : Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R,

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .

Published 2020-11-02 21:15:34

Updated 2020-11-19 17:50:42

Source JPCERT/CC

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-5652

Mitsubishielectric » Melsec Iq-r00cpu Firmware » Version: 20
cpe:2.3:o:mitsubishielectric:melsec_iq-r00cpu_firmware:20:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r00cpu » Version: N/A
Mitsubishielectric » Melsec Iq-r01cpu Firmware » Version: 20
cpe:2.3:o:mitsubishielectric:melsec_iq-r01cpu_firmware:20:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r01cpu » Version: N/A
Mitsubishielectric » Melsec Iq-r02cpu Firmware » Version: 20
cpe:2.3:o:mitsubishielectric:melsec_iq-r02cpu_firmware:20:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r02cpu » Version: N/A
Mitsubishielectric » Melsec Iq-r08pcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_iq-r08pcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r08pcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r16pcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_iq-r16pcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r16pcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r32pcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_iq-r32pcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r32pcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r120pcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_iq-r120pcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r120pcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r08sfcpu Firmware » Version: 22
cpe:2.3:o:mitsubishielectric:melsec_iq-r08sfcpu_firmware:22:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r08sfcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r16sfcpu Firmware » Version: 22
cpe:2.3:o:mitsubishielectric:melsec_iq-r16sfcpu_firmware:22:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r16sfcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r32sfcpu Firmware » Version: 22
cpe:2.3:o:mitsubishielectric:melsec_iq-r32sfcpu_firmware:22:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r32sfcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r120sfcpu Firmware » Version: 22
cpe:2.3:o:mitsubishielectric:melsec_iq-r120sfcpu_firmware:22:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r120sfcpu » Version: N/A
Mitsubishielectric » Melsec Q-q04udpvcpu Firmware » Version: 22031
cpe:2.3:o:mitsubishielectric:melsec_q-q04udpvcpu_firmware:22031:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q04udpvcpu » Version: N/A
Mitsubishielectric » Melsec Q-q06udpvcpu Firmware » Version: 22031
cpe:2.3:o:mitsubishielectric:melsec_q-q06udpvcpu_firmware:22031:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q06udpvcpu » Version: N/A
Mitsubishielectric » Melsec Q-q13udpvcpu Firmware » Version: 22031
cpe:2.3:o:mitsubishielectric:melsec_q-q13udpvcpu_firmware:22031:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q13udpvcpu » Version: N/A
Mitsubishielectric » Melsec Q-q26udpvcpu Firmware » Version: 22031
cpe:2.3:o:mitsubishielectric:melsec_q-q26udpvcpu_firmware:22031:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q26udpvcpu » Version: N/A
Mitsubishielectric » Melsec Q-q03udvcpu Firmware » Version: 22031
cpe:2.3:o:mitsubishielectric:melsec_q-q03udvcpu_firmware:22031:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q03udvcpu » Version: N/A
Mitsubishielectric » Melsec Q-q04udvcpu Firmware » Version: 22031
cpe:2.3:o:mitsubishielectric:melsec_q-q04udvcpu_firmware:22031:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q04udvcpu » Version: N/A
Mitsubishielectric » Melsec Q-q13udvcpu Firmware » Version: 22031
cpe:2.3:o:mitsubishielectric:melsec_q-q13udvcpu_firmware:22031:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q13udvcpu » Version: N/A
Mitsubishielectric » Melsec Q-q26udvcpu Firmware » Version: 22031
cpe:2.3:o:mitsubishielectric:melsec_q-q26udvcpu_firmware:22031:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q26udvcpu » Version: N/A
Mitsubishielectric » Melsec Q-q03udecpu Firmware » Version: 22081
cpe:2.3:o:mitsubishielectric:melsec_q-q03udecpu_firmware:22081:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q03udecpu » Version: N/A
Mitsubishielectric » Melsec Q-q04udehcpu Firmware » Version: 22081
cpe:2.3:o:mitsubishielectric:melsec_q-q04udehcpu_firmware:22081:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q04udehcpu » Version: N/A
Mitsubishielectric » Melsec Q-q06udehcpu Firmware » Version: 22081
cpe:2.3:o:mitsubishielectric:melsec_q-q06udehcpu_firmware:22081:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q06udehcpu » Version: N/A
Mitsubishielectric » Melsec Q-q10udehcpu Firmware » Version: 22081
cpe:2.3:o:mitsubishielectric:melsec_q-q10udehcpu_firmware:22081:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q10udehcpu » Version: N/A
Mitsubishielectric » Melsec Q-q13udehcpu Firmware » Version: 22081
cpe:2.3:o:mitsubishielectric:melsec_q-q13udehcpu_firmware:22081:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q13udehcpu » Version: N/A
Mitsubishielectric » Melsec Q-q20udehcpu Firmware » Version: 22081
cpe:2.3:o:mitsubishielectric:melsec_q-q20udehcpu_firmware:22081:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q20udehcpu » Version: N/A
Mitsubishielectric » Melsec Q-q26udehcpu Firmware » Version: 22081
cpe:2.3:o:mitsubishielectric:melsec_q-q26udehcpu_firmware:22081:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q26udehcpu » Version: N/A
Mitsubishielectric » Melsec Q-q50udehcpu Firmware » Version: 22081
cpe:2.3:o:mitsubishielectric:melsec_q-q50udehcpu_firmware:22081:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q50udehcpu » Version: N/A
Mitsubishielectric » Melsec Q-q100udehcpu Firmware » Version: 22081
cpe:2.3:o:mitsubishielectric:melsec_q-q100udehcpu_firmware:22081:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q100udehcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r04encpu Firmware » Version: 52
cpe:2.3:o:mitsubishielectric:melsec_iq-r04encpu_firmware:52:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r04encpu » Version: N/A
Mitsubishielectric » Melsec Iq-r08encpu Firmware » Version: 52
cpe:2.3:o:mitsubishielectric:melsec_iq-r08encpu_firmware:52:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r08encpu » Version: N/A
Mitsubishielectric » Melsec Iq-r16encpu Firmware » Version: 52
cpe:2.3:o:mitsubishielectric:melsec_iq-r16encpu_firmware:52:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r16encpu » Version: N/A
Mitsubishielectric » Melsec Iq-r32encpu Firmware » Version: 52
cpe:2.3:o:mitsubishielectric:melsec_iq-r32encpu_firmware:52:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r32encpu » Version: N/A
Mitsubishielectric » Melsec Iq-r120encpu Firmware » Version: 52
cpe:2.3:o:mitsubishielectric:melsec_iq-r120encpu_firmware:52:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r120encpu » Version: N/A
Mitsubishielectric » Melsec Iq-r08psfcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_iq-r08psfcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r08psfcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r120psfcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_iq-r120psfcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r120psfcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r16mtcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_iq-r16mtcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r16mtcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r16psfcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_iq-r16psfcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r16psfcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r32mtcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_iq-r32mtcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r32mtcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r32psfcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_iq-r32psfcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r32psfcpu » Version: N/A
Mitsubishielectric » Melsec Iq-r64mtcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_iq-r64mtcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Iq-r64mtcpu » Version: N/A
Mitsubishielectric » Melsec L02cpu-p Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_l02cpu-p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec L02cpu-p » Version: N/A
Mitsubishielectric » Melsec L06cpu-p Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_l06cpu-p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec L06cpu-p » Version: N/A
Mitsubishielectric » Melsec L26cpu-p Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_l26cpu-p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec L26cpu-p » Version: N/A
Mitsubishielectric » Melsec L26cpu-pbt Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_l26cpu-pbt_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec L26cpu-pbt » Version: N/A
Mitsubishielectric » Melsec Q-q170mcpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_q-q170mcpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q170mcpu » Version: N/A
Mitsubishielectric » Melsec Q-q170mscpu-s1 Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_q-q170mscpu-s1_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q170mscpu-s1 » Version: N/A
Mitsubishielectric » Melsec Q-q172dcpu-s1 Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_q-q172dcpu-s1_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q172dcpu-s1 » Version: N/A
Mitsubishielectric » Melsec Q-q172dscpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_q-q172dscpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q172dscpu » Version: N/A
Mitsubishielectric » Melsec Q-q173dcpu-s1 Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_q-q173dcpu-s1_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q173dcpu-s1 » Version: N/A
Mitsubishielectric » Melsec Q-q173dscpu Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_q-q173dscpu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-q173dscpu » Version: N/A
Mitsubishielectric » Melsec Q-qmr-mq100 Firmware » Version: N/A
cpe:2.3:o:mitsubishielectric:melsec_q-qmr-mq100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Melsec Q-qmr-mq100 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-5652

EPSS FAQ

0.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 39 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-5652

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-5652

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-5652

https://jvn.jp/vu/JVNVU96558207/index.html

JVNVU#96558207: 三菱電機製 MELSEC iQ-R、Q および L シリーズにおけるリソース枯渇の脆弱性
Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdf

MITSUBISHI ELECTRIC Global website
Vendor Advisory
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdf

Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-5652

Products affected by CVE-2020-5652

Exploit prediction scoring system (EPSS) score for CVE-2020-5652

CVSS scores for CVE-2020-5652

CWE ids for CVE-2020-5652

References for CVE-2020-5652