CVE-2021-20586 : Resource management errors vulnerability in a robot controller of MELFA FR Serie

Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.

Published 2021-01-29 15:15:13

Updated 2022-07-12 17:42:04

Source Mitsubishi Electric Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2021-20586

Mitsubishielectric » Rv2fr Firmware
cpe:2.3:o:mitsubishielectric:rv2fr_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv2fr » Version: N/A
Mitsubishielectric » Rv2frl Firmware
cpe:2.3:o:mitsubishielectric:rv2frl_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv2frl » Version: N/A
Mitsubishielectric » Rv4fr Firmware
cpe:2.3:o:mitsubishielectric:rv4fr_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv4fr » Version: N/A
Mitsubishielectric » Rv4frl Firmware
cpe:2.3:o:mitsubishielectric:rv4frl_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv4frl » Version: N/A
Mitsubishielectric » Rv7fr Firmware
cpe:2.3:o:mitsubishielectric:rv7fr_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv7fr » Version: N/A
Mitsubishielectric » Rv7frl Firmware
cpe:2.3:o:mitsubishielectric:rv7frl_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv7frl » Version: N/A
Mitsubishielectric » Rv7frll Firmware
cpe:2.3:o:mitsubishielectric:rv7frll_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv7frll » Version: N/A
Mitsubishielectric » Rv13fr Firmware
cpe:2.3:o:mitsubishielectric:rv13fr_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv13fr » Version: N/A
Mitsubishielectric » Rv13frl Firmware
cpe:2.3:o:mitsubishielectric:rv13frl_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv13frl » Version: N/A
Mitsubishielectric » Rv20fr Firmware
cpe:2.3:o:mitsubishielectric:rv20fr_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv20fr » Version: N/A
Mitsubishielectric » Rh1frhr Firmware
cpe:2.3:o:mitsubishielectric:rh1frhr_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh1frhr » Version: N/A
Mitsubishielectric » Rh3frhr Firmware
cpe:2.3:o:mitsubishielectric:rh3frhr_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh3frhr » Version: N/A
Mitsubishielectric » Rh3frh35 Firmware
cpe:2.3:o:mitsubishielectric:rh3frh35_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh3frh35 » Version: N/A
Mitsubishielectric » Rh3frh45 Firmware
cpe:2.3:o:mitsubishielectric:rh3frh45_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh3frh45 » Version: N/A
Mitsubishielectric » Rh3frh55 Firmware
cpe:2.3:o:mitsubishielectric:rh3frh55_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh3frh55 » Version: N/A
Mitsubishielectric » Rh6frh35 Firmware
cpe:2.3:o:mitsubishielectric:rh6frh35_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh6frh35 » Version: N/A
Mitsubishielectric » Rh6frh45 Firmware
cpe:2.3:o:mitsubishielectric:rh6frh45_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh6frh45 » Version: N/A
Mitsubishielectric » Rh6frh55 Firmware
cpe:2.3:o:mitsubishielectric:rh6frh55_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh6frh55 » Version: N/A
Mitsubishielectric » Rh12frh55 Firmware
cpe:2.3:o:mitsubishielectric:rh12frh55_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh12frh55 » Version: N/A
Mitsubishielectric » Rh12rfh70 Firmware
cpe:2.3:o:mitsubishielectric:rh12rfh70_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh12rfh70 » Version: N/A
Mitsubishielectric » Rh12frh85 Firmware
cpe:2.3:o:mitsubishielectric:rh12frh85_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh12frh85 » Version: N/A
Mitsubishielectric » Rh20frh85 Firmware
cpe:2.3:o:mitsubishielectric:rh20frh85_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh20frh85 » Version: N/A
Mitsubishielectric » Rh20frh100 Firmware
cpe:2.3:o:mitsubishielectric:rh20frh100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rh20frh100 » Version: N/A
Mitsubishielectric » Rv2fr(b) Firmware
cpe:2.3:o:mitsubishielectric:rv2fr\(b\)_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv2fr(b) » Version: N/A
Mitsubishielectric » Rv2frl(b) Firmware
cpe:2.3:o:mitsubishielectric:rv2frl\(b\)_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv2frl(b) » Version: N/A
Mitsubishielectric » Rv4frm/c Firmware
cpe:2.3:o:mitsubishielectric:rv4frm\/c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv4frm/c » Version: N/A
Mitsubishielectric » Rv4frlm/c Firmware
cpe:2.3:o:mitsubishielectric:rv4frlm\/c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv4frlm/c » Version: N/A
Mitsubishielectric » Rv7frm/c Firmware
cpe:2.3:o:mitsubishielectric:rv7frm\/c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv7frm/c » Version: N/A
Mitsubishielectric » Rv7frlm/c Firmware
cpe:2.3:o:mitsubishielectric:rv7frlm\/c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv7frlm/c » Version: N/A
Mitsubishielectric » Rv7frllm/c Firmware
cpe:2.3:o:mitsubishielectric:rv7frllm\/c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv7frllm/c » Version: N/A
Mitsubishielectric » Rv13frm/c Firmware
cpe:2.3:o:mitsubishielectric:rv13frm\/c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv13frm/c » Version: N/A
Mitsubishielectric » Rv13frlm/c Firmware
cpe:2.3:o:mitsubishielectric:rv13frlm\/c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv13frlm/c » Version: N/A
Mitsubishielectric » Rv20frm/c Firmware
cpe:2.3:o:mitsubishielectric:rv20frm\/c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Mitsubishielectric » Rv20frm/c » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-20586

EPSS FAQ

2.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-20586

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2021-20586

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf

MITSUBISHI ELECTRIC Global website
Vendor Advisory

Jump to

Vulnerability Details : CVE-2021-20586

Products affected by CVE-2021-20586

Exploit prediction scoring system (EPSS) score for CVE-2021-20586

CVSS scores for CVE-2021-20586

References for CVE-2021-20586