Vulnerabilites related to Mitsubishi Electric - MELSEC iQ-R series
var-202011-1252
Vulnerability from variot
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. ‥ * Buffer error (CWE-119) - CVE-2020-5653 ‥ * Session immobilization (CWE-384) - CVE-2020-5654 ‥ * NULL Pointer dereference (CWE-476) - CVE-2020-5655 ‥ * Inappropriate access control (CWE-284) - CVE-2020-5656 ‥ * Insert or change arguments (CWE-88) - CVE-2020-5657 ‥ * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product's network functionality to stop or malicious programs to run
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec iq-rj71pn92",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81dl96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81opc96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81mes96n",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rj71eip91",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "ethernet/ip \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rj71eip91: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d02\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "mes \u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rd81mes96n: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "opc ua \u30b5\u30fc\u30d0\u30e6\u30cb\u30c3\u30c8 rd81opc96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "profinet io \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30e6\u30cb\u30c3\u30c8 rj71pn92: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d01\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u9ad8\u901f\u30c7\u30fc\u30bf\u30ed\u30ac\u30fc\u30e6\u30cb\u30c3\u30c8 rd81dl96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d08\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"cve": "CVE-2020-5656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5656",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5656",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 1.6,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2020-5656",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1662",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. \u2025 * Buffer error (CWE-119) - CVE-2020-5653 \u2025 * Session immobilization (CWE-384) - CVE-2020-5654 \u2025 * NULL Pointer dereference (CWE-476) - CVE-2020-5655 \u2025 * Inappropriate access control (CWE-284) - CVE-2020-5656 \u2025 * Insert or change arguments (CWE-88) - CVE-2020-5657 \u2025 * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product\u0027s network functionality to stop or malicious programs to run",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "VULMON",
"id": "CVE-2020-5656"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU92513419",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-5656",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-303-02",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.3753",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5656",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"id": "VAR-202011-1252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21111111
},
"last_update_date": "2022-05-04T09:15:37.828000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u30b7\u30ea\u30fc\u30ba\u306e\u5404\u7a2e\u60c5\u5831\uff0f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30e6\u30cb\u30c3\u30c8\u306e TCP/IP\u6a5f\u80fd\u306b\u304a\u3051\u308b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"title": "Mitsubishi Electric MELSEC iQ-R, Q and L Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=132139"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/vu/jvnvu92513419/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-303-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5654"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5655"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5656"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5657"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5658"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5653"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92513419/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5656"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3753/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-5656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5656"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"date": "2020-11-02T21:15:00",
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5656"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"date": "2020-11-10T14:29:00",
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
}
],
"trust": 0.6
}
}
var-202011-1249
Vulnerability from variot
Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. ‥ * Buffer error (CWE-119) - CVE-2020-5653 ‥ * Session immobilization (CWE-384) - CVE-2020-5654 ‥ * NULL Pointer dereference (CWE-476) - CVE-2020-5655 ‥ * Inappropriate access control (CWE-284) - CVE-2020-5656 ‥ * Insert or change arguments (CWE-88) - CVE-2020-5657 ‥ * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product's network functionality to stop or malicious programs to run
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1249",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec iq-rj71pn92",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81dl96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81opc96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81mes96n",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rj71eip91",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "ethernet/ip \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rj71eip91: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d02\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "mes \u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rd81mes96n: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "opc ua \u30b5\u30fc\u30d0\u30e6\u30cb\u30c3\u30c8 rd81opc96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "profinet io \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30e6\u30cb\u30c3\u30c8 rj71pn92: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d01\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u9ad8\u901f\u30c7\u30fc\u30bf\u30ed\u30ac\u30fc\u30e6\u30cb\u30c3\u30c8 rd81dl96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d08\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "NVD",
"id": "CVE-2020-5653"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5653"
}
]
},
"cve": "CVE-2020-5653",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5653",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5653",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 1.6,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2020-5653",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1667",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1667"
},
{
"db": "NVD",
"id": "CVE-2020-5653"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. \u2025 * Buffer error (CWE-119) - CVE-2020-5653 \u2025 * Session immobilization (CWE-384) - CVE-2020-5654 \u2025 * NULL Pointer dereference (CWE-476) - CVE-2020-5655 \u2025 * Inappropriate access control (CWE-284) - CVE-2020-5656 \u2025 * Insert or change arguments (CWE-88) - CVE-2020-5657 \u2025 * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product\u0027s network functionality to stop or malicious programs to run",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5653"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "VULMON",
"id": "CVE-2020-5653"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU92513419",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-5653",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-303-02",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.3753",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1667",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5653",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5653"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1667"
},
{
"db": "NVD",
"id": "CVE-2020-5653"
}
]
},
"id": "VAR-202011-1249",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21111111
},
"last_update_date": "2022-05-04T09:15:40.640000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u30b7\u30ea\u30fc\u30ba\u306e\u5404\u7a2e\u60c5\u5831\uff0f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30e6\u30cb\u30c3\u30c8\u306e TCP/IP\u6a5f\u80fd\u306b\u304a\u3051\u308b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"title": "MELSEC iQ-R,Q and L Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=132143"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1667"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5653"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/vu/jvnvu92513419/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-303-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5654"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5655"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5656"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5657"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5658"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5653"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92513419/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3753/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5653"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1667"
},
{
"db": "NVD",
"id": "CVE-2020-5653"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-5653"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1667"
},
{
"db": "NVD",
"id": "CVE-2020-5653"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5653"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1667"
},
{
"date": "2020-11-02T21:15:00",
"db": "NVD",
"id": "CVE-2020-5653"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5653"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1667"
},
{
"date": "2020-11-10T15:16:00",
"db": "NVD",
"id": "CVE-2020-5653"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1667"
}
],
"trust": 0.6
}
}
var-202011-1253
Vulnerability from variot
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. ‥ * Buffer error (CWE-119) - CVE-2020-5653 ‥ * Session immobilization (CWE-384) - CVE-2020-5654 ‥ * NULL Pointer dereference (CWE-476) - CVE-2020-5655 ‥ * Inappropriate access control (CWE-284) - CVE-2020-5656 ‥ * Insert or change arguments (CWE-88) - CVE-2020-5657 ‥ * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product's network functionality to stop or malicious programs to run
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1253",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec iq-rj71pn92",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81dl96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81opc96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81mes96n",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rj71eip91",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "ethernet/ip \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rj71eip91: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d02\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "mes \u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rd81mes96n: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "opc ua \u30b5\u30fc\u30d0\u30e6\u30cb\u30c3\u30c8 rd81opc96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "profinet io \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30e6\u30cb\u30c3\u30c8 rj71pn92: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d01\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u9ad8\u901f\u30c7\u30fc\u30bf\u30ed\u30ac\u30fc\u30e6\u30cb\u30c3\u30c8 rd81dl96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d08\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "NVD",
"id": "CVE-2020-5657"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5657"
}
]
},
"cve": "CVE-2020-5657",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-5657",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-5657",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 1.6,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2020-5657",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1660",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1660"
},
{
"db": "NVD",
"id": "CVE-2020-5657"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. \u2025 * Buffer error (CWE-119) - CVE-2020-5653 \u2025 * Session immobilization (CWE-384) - CVE-2020-5654 \u2025 * NULL Pointer dereference (CWE-476) - CVE-2020-5655 \u2025 * Inappropriate access control (CWE-284) - CVE-2020-5656 \u2025 * Insert or change arguments (CWE-88) - CVE-2020-5657 \u2025 * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product\u0027s network functionality to stop or malicious programs to run",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5657"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "VULMON",
"id": "CVE-2020-5657"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU92513419",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-5657",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-303-02",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.3753",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1660",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5657",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5657"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1660"
},
{
"db": "NVD",
"id": "CVE-2020-5657"
}
]
},
"id": "VAR-202011-1253",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21111111
},
"last_update_date": "2022-05-04T09:15:40.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u30b7\u30ea\u30fc\u30ba\u306e\u5404\u7a2e\u60c5\u5831\uff0f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30e6\u30cb\u30c3\u30c8\u306e TCP/IP\u6a5f\u80fd\u306b\u304a\u3051\u308b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"title": "Multiple Mitsubishi Electric Repair measures for product parameter injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=133127"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1660"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-88",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5657"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/vu/jvnvu92513419/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-303-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5654"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5655"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5656"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5657"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5658"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5653"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92513419/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5657"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3753/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5657"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1660"
},
{
"db": "NVD",
"id": "CVE-2020-5657"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-5657"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1660"
},
{
"db": "NVD",
"id": "CVE-2020-5657"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5657"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1660"
},
{
"date": "2020-11-02T21:15:00",
"db": "NVD",
"id": "CVE-2020-5657"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5657"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1660"
},
{
"date": "2020-11-10T14:22:00",
"db": "NVD",
"id": "CVE-2020-5657"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1660"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "parameter injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1660"
}
],
"trust": 0.6
}
}
var-202011-1254
Vulnerability from variot
Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. ‥ * Buffer error (CWE-119) - CVE-2020-5653 ‥ * Session immobilization (CWE-384) - CVE-2020-5654 ‥ * NULL Pointer dereference (CWE-476) - CVE-2020-5655 ‥ * Inappropriate access control (CWE-284) - CVE-2020-5656 ‥ * Insert or change arguments (CWE-88) - CVE-2020-5657 ‥ * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product's network functionality to stop or malicious programs to run
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1254",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec iq-rj71pn92",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81dl96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81opc96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81mes96n",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rj71eip91",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "ethernet/ip \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rj71eip91: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d02\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "mes \u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rd81mes96n: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "opc ua \u30b5\u30fc\u30d0\u30e6\u30cb\u30c3\u30c8 rd81opc96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "profinet io \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30e6\u30cb\u30c3\u30c8 rj71pn92: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d01\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u9ad8\u901f\u30c7\u30fc\u30bf\u30ed\u30ac\u30fc\u30e6\u30cb\u30c3\u30c8 rd81dl96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d08\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "NVD",
"id": "CVE-2020-5658"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5658"
}
]
},
"cve": "CVE-2020-5658",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5658",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5658",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 1.6,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2020-5658",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1658",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1658"
},
{
"db": "NVD",
"id": "CVE-2020-5658"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. \u2025 * Buffer error (CWE-119) - CVE-2020-5653 \u2025 * Session immobilization (CWE-384) - CVE-2020-5654 \u2025 * NULL Pointer dereference (CWE-476) - CVE-2020-5655 \u2025 * Inappropriate access control (CWE-284) - CVE-2020-5656 \u2025 * Insert or change arguments (CWE-88) - CVE-2020-5657 \u2025 * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product\u0027s network functionality to stop or malicious programs to run",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5658"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "VULMON",
"id": "CVE-2020-5658"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU92513419",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-5658",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-303-02",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.3753",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1658",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5658",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5658"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1658"
},
{
"db": "NVD",
"id": "CVE-2020-5658"
}
]
},
"id": "VAR-202011-1254",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21111111
},
"last_update_date": "2022-05-04T09:15:40.693000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u30b7\u30ea\u30fc\u30ba\u306e\u5404\u7a2e\u60c5\u5831\uff0f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30e6\u30cb\u30c3\u30c8\u306e TCP/IP\u6a5f\u80fd\u306b\u304a\u3051\u308b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"title": "Multiple Mitsubishi Electric Product resource management error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=133126"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1658"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5658"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/vu/jvnvu92513419/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-303-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5654"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5655"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5656"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5657"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5658"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5653"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92513419/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5658"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3753/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5658"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1658"
},
{
"db": "NVD",
"id": "CVE-2020-5658"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-5658"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1658"
},
{
"db": "NVD",
"id": "CVE-2020-5658"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5658"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1658"
},
{
"date": "2020-11-02T21:15:00",
"db": "NVD",
"id": "CVE-2020-5658"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5658"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1658"
},
{
"date": "2021-07-21T11:39:00",
"db": "NVD",
"id": "CVE-2020-5658"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1658"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1658"
}
],
"trust": 0.6
}
}
var-202011-1251
Vulnerability from variot
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. ‥ * Buffer error (CWE-119) - CVE-2020-5653 ‥ * Session immobilization (CWE-384) - CVE-2020-5654 ‥ * NULL Pointer dereference (CWE-476) - CVE-2020-5655 ‥ * Inappropriate access control (CWE-284) - CVE-2020-5656 ‥ * Insert or change arguments (CWE-88) - CVE-2020-5657 ‥ * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product's network functionality to stop or malicious programs to run
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1251",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec iq-rj71pn92",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81dl96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81opc96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81mes96n",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rj71eip91",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "ethernet/ip \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rj71eip91: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d02\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "mes \u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rd81mes96n: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "opc ua \u30b5\u30fc\u30d0\u30e6\u30cb\u30c3\u30c8 rd81opc96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "profinet io \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30e6\u30cb\u30c3\u30c8 rj71pn92: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d01\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u9ad8\u901f\u30c7\u30fc\u30bf\u30ed\u30ac\u30fc\u30e6\u30cb\u30c3\u30c8 rd81dl96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d08\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "NVD",
"id": "CVE-2020-5655"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5655"
}
]
},
"cve": "CVE-2020-5655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5655",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5655",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 1.6,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2020-5655",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1664",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1664"
},
{
"db": "NVD",
"id": "CVE-2020-5655"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. \u2025 * Buffer error (CWE-119) - CVE-2020-5653 \u2025 * Session immobilization (CWE-384) - CVE-2020-5654 \u2025 * NULL Pointer dereference (CWE-476) - CVE-2020-5655 \u2025 * Inappropriate access control (CWE-284) - CVE-2020-5656 \u2025 * Insert or change arguments (CWE-88) - CVE-2020-5657 \u2025 * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product\u0027s network functionality to stop or malicious programs to run",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5655"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "VULMON",
"id": "CVE-2020-5655"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU92513419",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-5655",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-303-02",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.3753",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1664",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5655",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5655"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1664"
},
{
"db": "NVD",
"id": "CVE-2020-5655"
}
]
},
"id": "VAR-202011-1251",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21111111
},
"last_update_date": "2022-05-04T09:15:40.665000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u30b7\u30ea\u30fc\u30ba\u306e\u5404\u7a2e\u60c5\u5831\uff0f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30e6\u30cb\u30c3\u30c8\u306e TCP/IP\u6a5f\u80fd\u306b\u304a\u3051\u308b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"title": "Multiple Mitsubishi Electric Product code issue vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=133128"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1664"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/vu/jvnvu92513419/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-303-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5654"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5655"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5656"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5657"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5658"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5653"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92513419/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5655"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3753/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5655"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1664"
},
{
"db": "NVD",
"id": "CVE-2020-5655"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-5655"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1664"
},
{
"db": "NVD",
"id": "CVE-2020-5655"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5655"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1664"
},
{
"date": "2020-11-02T21:15:00",
"db": "NVD",
"id": "CVE-2020-5655"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5655"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1664"
},
{
"date": "2020-11-10T14:34:00",
"db": "NVD",
"id": "CVE-2020-5655"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1664"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1664"
}
],
"trust": 0.6
}
}
var-202006-1511
Vulnerability from variot
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan's Mitsubishi Electric (Mitsubishi Electric) company.
There are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec-q",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec-l",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-f",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec fx series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec iq-f series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec l series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec q series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "electric melsec fx",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec iq-r",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec iq-f",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec q",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec l",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_fx_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shunkai Zhu , Rongkuan Ma , Peng Cheng from NESC Lab of Zhejiang University",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
},
"cve": "CVE-2020-5594",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5594",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46802",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5594",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 10,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005854",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5594",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-005854",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46802",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1590",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-5594",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric) company. \n\r\n\r\nThere are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5594",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU91424496",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-175-01",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46802",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2176",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5594",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"id": "VAR-202006-1511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
}
],
"trust": 1.3499999919999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
}
]
},
"last_update_date": "2024-11-23T22:33:25.234000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u3001iQ-F\u3001Q\u3001L\u3001FX\u30b7\u30ea\u30fc\u30ba \u306eCPU\u30e6\u30cb\u30c3\u30c8\u3068GX Works3\u304a\u3088\u3073GX Works2\u9593\u306e\u901a\u4fe1\u306b\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u60c5\u5831\u6539\u3056\u3093\u3001\u4e0d\u6b63\u64cd\u4f5c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/en/vu/jvnvu91424496/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5594"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91424496"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5594"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-005854.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2176/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"date": "2020-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"date": "2020-06-23T08:15:10.487000",
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"date": "2020-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"date": "2020-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"date": "2024-11-21T05:34:19.893000",
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R , iQ-F , Q , L , FX Of the series CPU With the unit GX Works3 and GX Works2 Vulnerability in plaintext communication between",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
}
}
var-202003-1411
Vulnerability from variot
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R , iQ-F , Q , L , F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company.
Many Mitsubishi Electric products have resource management error vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cr800-q",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q25prhcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r32encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12prhcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3u",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3g",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-pbt",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q26dhccpu-ls",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r16encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5u",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l06cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12dccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q25phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3uc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r32cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r120encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3s",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r120cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q02phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-ls",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l06cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r08cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q172dscpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r00cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-bt",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r04encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-vg2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r16cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3gc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r01cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r02cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q06phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q173nccpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q173dscpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r08encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02scpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02scpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r04cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec f series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec iq-f series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec iq-r series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec l series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec q series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric melsec iq-r series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec iq-f series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec q series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec l series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec f series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_f_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
}
]
},
"cve": "CVE-2020-5527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5527",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002958",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-29576",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5527",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002958",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5527",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-002958",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-29576",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1699",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R \uff0c iQ-F \uff0c Q \uff0c L \uff0c F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company. \n\r\n\r\nMany Mitsubishi Electric products have resource management error vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5527"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5527",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91553662",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-091-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-29576",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1157",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"id": "VAR-202003-1411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
]
},
"last_update_date": "2024-11-23T20:02:16.059000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSOFT\u4ea4\u4fe1\u30dd\u30fc\u30c8\uff08UDP/IP\uff09\u306b\u304a\u3051\u308b\u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-005.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu91553662/index.html"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5527"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-091-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91553662/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5527"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1157/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"date": "2020-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"date": "2020-03-30T08:15:17.640000",
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"date": "2020-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"date": "2020-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"date": "2024-11-21T05:34:13.020000",
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC Of the series MELSOFT Resource exhaustion vulnerability in communication ports",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
],
"trust": 0.6
}
}
var-202011-1250
Vulnerability from variot
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. ‥ * Buffer error (CWE-119) - CVE-2020-5653 ‥ * Session immobilization (CWE-384) - CVE-2020-5654 ‥ * NULL Pointer dereference (CWE-476) - CVE-2020-5655 ‥ * Inappropriate access control (CWE-284) - CVE-2020-5656 ‥ * Insert or change arguments (CWE-88) - CVE-2020-5657 ‥ * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product's network functionality to stop or malicious programs to run
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1250",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec iq-rj71pn92",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81dl96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81opc96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81mes96n",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rj71eip91",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "ethernet/ip \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rj71eip91: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d02\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "mes \u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rd81mes96n: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "opc ua \u30b5\u30fc\u30d0\u30e6\u30cb\u30c3\u30c8 rd81opc96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "profinet io \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30e6\u30cb\u30c3\u30c8 rj71pn92: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d01\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u9ad8\u901f\u30c7\u30fc\u30bf\u30ed\u30ac\u30fc\u30e6\u30cb\u30c3\u30c8 rd81dl96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d08\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "NVD",
"id": "CVE-2020-5654"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5654"
}
]
},
"cve": "CVE-2020-5654",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5654",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5654",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 1.6,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2020-5654",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1665",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1665"
},
{
"db": "NVD",
"id": "CVE-2020-5654"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. \u2025 * Buffer error (CWE-119) - CVE-2020-5653 \u2025 * Session immobilization (CWE-384) - CVE-2020-5654 \u2025 * NULL Pointer dereference (CWE-476) - CVE-2020-5655 \u2025 * Inappropriate access control (CWE-284) - CVE-2020-5656 \u2025 * Insert or change arguments (CWE-88) - CVE-2020-5657 \u2025 * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product\u0027s network functionality to stop or malicious programs to run",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5654"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "VULMON",
"id": "CVE-2020-5654"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU92513419",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-5654",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-303-02",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.3753",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1665",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5654",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5654"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1665"
},
{
"db": "NVD",
"id": "CVE-2020-5654"
}
]
},
"id": "VAR-202011-1250",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21111111
},
"last_update_date": "2022-05-04T09:15:37.854000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u30b7\u30ea\u30fc\u30ba\u306e\u5404\u7a2e\u60c5\u5831\uff0f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30e6\u30cb\u30c3\u30c8\u306e TCP/IP\u6a5f\u80fd\u306b\u304a\u3051\u308b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"title": "Multiple Mitsubishi Electric Product Authorization Issue Vulnerability Fixing Measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=133129"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1665"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-384",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5654"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/vu/jvnvu92513419/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-303-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5654"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5655"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5656"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5657"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5658"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5653"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92513419/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3753/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5654"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5654"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1665"
},
{
"db": "NVD",
"id": "CVE-2020-5654"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-5654"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1665"
},
{
"db": "NVD",
"id": "CVE-2020-5654"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5654"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1665"
},
{
"date": "2020-11-02T21:15:00",
"db": "NVD",
"id": "CVE-2020-5654"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5654"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1665"
},
{
"date": "2020-11-10T15:27:00",
"db": "NVD",
"id": "CVE-2020-5654"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1665"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1665"
}
],
"trust": 0.6
}
}
var-202011-1259
Vulnerability from variot
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series CPU The unit is exhausted (CWE-400) Vulnerability exists. According to the developer, the engineering tool " Web If the "whether or not server is used" setting is set to "not used", it is not affected by this vulnerability. ( The default setting is "not used" ) .. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : NEC Corporation Tomoomi Iwata Mr. A reset is required for recovery
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec iq-r16",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "51"
},
{
"model": "melsec iq-r02",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "05"
},
{
"model": "melsec iq-r01",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "05"
},
{
"model": "melsec iq-r02",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "19"
},
{
"model": "melsec iq-r16",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "35"
},
{
"model": "melsec iq-r08",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "51"
},
{
"model": "melsec iq-r01",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "19"
},
{
"model": "melsec iq-r04",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "51"
},
{
"model": "melsec iq-r00",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "19"
},
{
"model": "melsec iq-r08",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "35"
},
{
"model": "melsec iq-r120",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "51"
},
{
"model": "melsec iq-r32",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "51"
},
{
"model": "melsec iq-r120",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "35"
},
{
"model": "melsec iq-r04",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "35"
},
{
"model": "melsec iq-r32",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "35"
},
{
"model": "melsec iq-r00",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "05"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "r00/01/02cpu \u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u30d0\u30fc\u30b8\u30e7\u30f3 \"05\" \u304b\u3089 \"19\""
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "r04/08/16/32/120(en)cpu \u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u30d0\u30fc\u30b8\u30e7\u30f3 \"35\" \u304b\u3089 \"51\""
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
}
]
},
"cve": "CVE-2020-5666",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-5666",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 5.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000072",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5666",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000072",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5666",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-000072",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1002",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from \u002705\u0027 to \u002719\u0027 and R04/08/16/32/120(EN)CPU Firmware versions from \u002735\u0027 to \u002751\u0027) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series CPU The unit is exhausted (CWE-400) Vulnerability exists. According to the developer, the engineering tool \" Web If the \"whether or not server is used\" setting is set to \"not used\", it is not affected by this vulnerability. ( The default setting is \"not used\" ) .. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : NEC Corporation Tomoomi Iwata Mr. A reset is required for recovery",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5666"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN44764844",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-317-01",
"trust": 2.4
},
{
"db": "NVD",
"id": "CVE-2020-5666",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000072",
"trust": 1.4
},
{
"db": "AUSCERT",
"id": "ESB-2020.4044",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"id": "VAR-202011-1259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T22:05:19.579000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R \u30b7\u30ea\u30fc\u30ba CPU \u30e6\u30cb\u30c3\u30c8\u306b\u304a\u3051\u308b\u30b5\u30fc\u30d3\u30b9\u62d2\u5426 (DoS) \u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-015.pdf"
},
{
"title": "Mitsubishi Electric MELSEC iQ-R series Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135734"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-317-01"
},
{
"trust": 2.4,
"url": "https://jvn.jp/jp/jvn44764844/index.html"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-015_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn44764844/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5666"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4044/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5666"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000072.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-12T03:28:15",
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"date": "2020-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"date": "2020-11-16T01:15:13.327000",
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-13T02:24:14",
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"date": "2020-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"date": "2024-11-21T05:34:26.980000",
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MELSEC iQ-R Series sequencer CPU Resource exhaustion vulnerability in the unit",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
}
],
"trust": 0.6
}
}
jvndb-2020-005854
Vulnerability from jvndb
Published
2020-06-24 10:32
Modified
2020-06-24 10:32
Severity ?
Summary
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information
Details
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU91424496/ | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-5594 | |
| ICS-CERT ADVISORY | https://www.us-cert.gov/ics/advisories/icsa-20-175-01 | |
| Cleartext Transmission of Sensitive Information(CWE-319) | https://cwe.mitre.org/data/definitions/319.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
"dc:date": "2020-06-24T10:32+09:00",
"dcterms:issued": "2020-06-24T10:32+09:00",
"dcterms:modified": "2020-06-24T10:32+09:00",
"description": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
"sec:cpe": [
{
"#text": "cpe:/o:mitsubishielectric:melsec-fx_firmware",
"@product": "MELSEC FX series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-l_firmware",
"@product": "MELSEC L series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-q_firmware",
"@product": "MELSEC Q series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-f_firmware",
"@product": "MELSEC iQ-F series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-r_firmware",
"@product": "MELSEC iQ-R series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "10.0",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2020-005854",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91424496/",
"@id": "JVNVU#91424496",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594",
"@id": "CVE-2020-5594",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5594",
"@id": "CVE-2020-5594",
"@source": "NVD"
},
{
"#text": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01",
"@id": "ICSA-20-175-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://cwe.mitre.org/data/definitions/319.html",
"@id": "CWE-319",
"@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
}
],
"title": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information"
}
jvndb-2020-000072
Vulnerability from jvndb
Published
2020-11-12 14:58
Modified
2020-11-13 12:06
Severity ?
Summary
MELSEC iQ-R Series CPU Modules vulnerable to uncontrolled resource consumption
Details
MELSEC iQ-R series CPU modules provided by Mitsubishi Electric Corporation contain an uncontrolled resource consumption vulnerability (CWE-400).
According to the developer, in case of "To Use or Not to Use Web Server Settings" in the parameter of CPU modules are set to "Not Use", this issue does not occur. (The default setting is "Not Use".)
TOMOOMI IWATA, KINOSHITA SHUNICHI of NEC Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Mitsubishi Electric | MELSEC iQ-R series |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000072.html",
"dc:date": "2020-11-13T12:06+09:00",
"dcterms:issued": "2020-11-12T14:58+09:00",
"dcterms:modified": "2020-11-13T12:06+09:00",
"description": "MELSEC iQ-R series CPU modules provided by Mitsubishi Electric Corporation contain an uncontrolled resource consumption vulnerability (CWE-400).\r\n\r\nAccording to the developer, in case of \"To Use or Not to Use Web Server Settings\" in the parameter of CPU modules are set to \"Not Use\", this issue does not occur. (The default setting is \"Not Use\".)\r\n\r\nTOMOOMI IWATA, KINOSHITA SHUNICHI of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000072.html",
"sec:cpe": {
"#text": "cpe:/o:mitsubishielectric:melsec_iq-r_firmware",
"@product": "MELSEC iQ-R series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000072",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN44764844/index.html",
"@id": "JVN#44764844",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5666",
"@id": "CVE-2020-5666",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5666",
"@id": "CVE-2020-5666",
"@source": "NVD"
},
{
"#text": "https://us-cert.cisa.gov/ics/advisories/icsa-20-317-01",
"@id": "ICSA-20-317-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "MELSEC iQ-R Series CPU Modules vulnerable to uncontrolled resource consumption"
}
jvndb-2020-002958
Vulnerability from jvndb
Published
2020-03-31 13:37
Modified
2020-04-01 14:45
Severity ?
Summary
Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port
Details
MELSOFT transmission port (UDP/IP) of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue (CWE-400). When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition.
Mitsubishi Electric Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU91553662/ | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5527 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-5527 | |
| ICS-CERT ADVISORY | https://www.us-cert.gov/ics/advisories/icsa-20-091-02 | |
| Uncontrolled Resource Consumption ('Resource Exhaustion')(CWE-400) | https://cwe.mitre.org/data/definitions/400.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-002958.html",
"dc:date": "2020-04-01T14:45+09:00",
"dcterms:issued": "2020-03-31T13:37+09:00",
"dcterms:modified": "2020-04-01T14:45+09:00",
"description": "MELSOFT transmission port (UDP/IP) of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue (CWE-400). When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition.\r\n\r\nMitsubishi Electric Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-002958.html",
"sec:cpe": [
{
"#text": "cpe:/a:mitsubishielectric:melsec_f_series",
"@product": "MELSEC F series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-l_firmware",
"@product": "MELSEC L series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-q_firmware",
"@product": "MELSEC Q series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-f_firmware",
"@product": "MELSEC iQ-F series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-r_firmware",
"@product": "MELSEC iQ-R series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-002958",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91553662/",
"@id": "JVNVU#91553662",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5527",
"@id": "CVE-2020-5527",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5527",
"@id": "CVE-2020-5527",
"@source": "NVD"
},
{
"#text": "https://www.us-cert.gov/ics/advisories/icsa-20-091-02",
"@id": "ICSA-20-091-02",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://cwe.mitre.org/data/definitions/400.html",
"@id": "CWE-400",
"@title": "Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)(CWE-400)"
}
],
"title": "Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port"
}