Vulnerability Details : CVE-2021-20611
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2021-20611
- cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r01_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r02_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r04_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware:*:*:*:*:*:*:*:*When used together with: Mitsubishi » Melsec Iq-r R08 Cpu
- cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r04_pcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r08_pcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r16_pcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r32_pcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r120_pcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r08_sfcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r16_sfcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r32_sfcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r120_sfcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r16_mtcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r32_mtcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r64_mtcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_iq-r_r12_ccpu-v_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q03udecpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q04udecpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q06udecpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q10udecpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q13udecpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q20udecpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q26udecpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q50udecpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q100udecpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q03udvcpu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q04udvcpu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q06udvcpu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q13udvcpu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q26udvcpu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q04udpvcpu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q06udpvcpu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q13udpvcpu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q26udpvcpu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q12dccpu-v_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q24dhccpu-v\(g\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q24dhccpu-ls_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q26dhccpu-ls_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_mr-mq100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q172dcpu-s1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q173dcpu-s1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q172dscpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q173dscpu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q170mscpu\(-s1\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_q170mcpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melipc_mi5122-vw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_l26cpu-\(p\)bt_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_l26cpu\(-p\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_l06cpu\(-p\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishi:melsec_l02cpu\(-p\)_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20611
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-20611
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
Mitsubishi Electric Corporation | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2021-20611
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by:
- Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2021-20611
-
https://jvn.jp/vu/JVNVU94434051/index.html
JVNVU#94434051: 三菱電機製MELSECおよびMELIPCシリーズのEthernetポートにおける複数の脆弱性Third Party Advisory
-
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Mitsubishi Electric MELSEC and MELIPC Series | CISAThird Party Advisory;US Government Resource
-
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
Vendor Advisory
Jump to