cvelistv5 - CVE-2020-5654

CVE-2020-5654 (GCVE-0-2020-5654)

Vulnerability from cvelistv5

Published

2020-10-30 03:35

Modified

2024-08-04 08:39

Severity ?

CWE

Session fixation

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/vu/JVNVU92513419/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf	Vendor Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU92513419/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Mitsubishi Electric Corporation	MELSEC iQ-R series	Version: RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:39:25.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MELSEC iQ-R series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Session fixation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-30T03:35:52",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5654",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MELSEC iQ-R series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mitsubishi Electric Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Session fixation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
            },
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU92513419/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5654",
    "datePublished": "2020-10-30T03:35:52",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:39:25.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5654\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2020-11-02T21:15:33.837\",\"lastModified\":\"2024-11-21T05:34:25.970\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en la funci\u00f3n TCP/IP incluida en el firmware de la serie MELSEC iQ-R (los 2 d\u00edgitos del n\u00famero de serie son \\\"02\\\" o anteriores del EtherNet/IP Network Interface Module First RJ71EIP91, los 2 d\u00edgitos del n\u00famero de serie es \\\"01\\\" o anteriores del PROFINET IO Controller Module First RJ71PN92, los 2 d\u00edgitos del n\u00famero de serie son \\\"08\\\" o anteriores del High Speed Data Logger Module First RD81DL96, los 2 d\u00edgitos del n\u00famero de serie son \\\"04\\\" o anteriores del MES Interface Module First RD81MES96N, y los primeros de 2 d\u00edgitos del n\u00famero de serie son \\\"04\\\" o anteriores a OPC UA Server Module First RD81OPC96), permite a un atacante remoto no autenticado detener las funciones de red de los productos por medio de un paquete especialmente dise\u00f1ado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9596438-7894-4689-BB8B-5FC2C26A1298\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"668C0031-6B41-487A-958C-E2C8A04E902B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F81F4A0C-68C9-474F-A695-CC7A2CB234D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82DE76F0-810F-460A-933B-41E341125A9D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDBB7DF2-C0D9-4F19-966A-C1EFF42BE6D2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC1B4D6-10A5-4DDE-BCF3-01CAE5389232\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7285B9D4-9913-4421-9B47-DA4E9E7C6371\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F76CBB13-1949-4941-A985-CB75D0109E47\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14A32E47-C23B-4D2C-9B7E-1C080B1D7011\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48B179ED-8ACC-45EB-92A8-476A4F9F98E4\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU92513419/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/vu/JVNVU92513419/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

gsd-2020-5654

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-5654

Aliases

CVE-2020-5654

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5654",
    "description": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.",
    "id": "GSD-2020-5654"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5654"
      ],
      "details": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.",
      "id": "GSD-2020-5654",
      "modified": "2023-12-13T01:22:03.533114Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2020-5654",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MELSEC iQ-R series",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mitsubishi Electric Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Session fixation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
          },
          {
            "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
          },
          {
            "name": "https://jvn.jp/vu/JVNVU92513419/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5654"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-384"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU92513419/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
            },
            {
              "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-11-10T15:27Z",
      "publishedDate": "2020-11-02T21:15Z"
    }
  }
}

ghsa-pxwp-48rr-37f8

Vulnerability from github

Published

2022-05-24 17:33

Modified

2022-05-24 17:33

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5654"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-384"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-02T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.",
  "id": "GHSA-pxwp-48rr-37f8",
  "modified": "2022-05-24T17:33:04Z",
  "published": "2022-05-24T17:33:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5654"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

icsa-20-303-02

Vulnerability from csaf_cisa

Published

2020-10-29 00:00

Modified

2020-10-29 00:00

Summary

Mitsubishi Electric MELSEC iQ-R

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-303-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-303-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-303-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-303-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Mitsubishi Electric MELSEC iQ-R",
    "tracking": {
      "current_release_date": "2020-10-29T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-303-02",
      "initial_release_date": "2020-10-29T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-10-29T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-303-02 Mitsubishi Electric MELSEC iQ-R Series"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= first 2  digits of serial number are 04 ",
                "product": {
                  "name": "OPC UA Server Module RD81OPC96: First 2 digits of serial number are 04 or before",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "OPC UA Server Module RD81OPC96"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= first 2  digits of serial number are 08",
                "product": {
                  "name": "High Speed Data Logger Module RD81DL96: First 2 digits of serial number are 08 or before",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "High Speed Data Logger Module RD81DL96"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= first 2  digits of serial number are 02",
                "product": {
                  "name": "EtherNet/IP Network Interface Module RJ71EIP91: First 2 digits of serial number are 02 or before",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "EtherNet/IP Network Interface Module RJ71EIP91"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= first 2  digits of serial number are 01",
                "product": {
                  "name": "PROFINET IO Controller Module RJ71PN92: First 2 digits of serial number are 01 or before",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "PROFINET IO Controller Module RJ71PN92"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= first 2  digits of serial number are 04",
                "product": {
                  "name": "MES Interface Module RD81MES96N: First 2 digits of serial number are 04 or before",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "MES Interface Module RD81MES96N"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-5653",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5653 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5653"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-5654",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5654 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5654"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-5655",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5655 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5655"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-5656",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5656 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5656"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-5657",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5657 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5657"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-5658",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5658 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5658"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    }
  ]
}

ICSA-20-303-02

Vulnerability from csaf_cisa

Published

2020-10-29 00:00

Modified

2020-10-29 00:00

Summary

Mitsubishi Electric MELSEC iQ-R

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-303-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-303-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-303-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-303-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Mitsubishi Electric MELSEC iQ-R",
    "tracking": {
      "current_release_date": "2020-10-29T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-303-02",
      "initial_release_date": "2020-10-29T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-10-29T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-303-02 Mitsubishi Electric MELSEC iQ-R Series"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= first 2  digits of serial number are 04 ",
                "product": {
                  "name": "OPC UA Server Module RD81OPC96: First 2 digits of serial number are 04 or before",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "OPC UA Server Module RD81OPC96"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= first 2  digits of serial number are 08",
                "product": {
                  "name": "High Speed Data Logger Module RD81DL96: First 2 digits of serial number are 08 or before",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "High Speed Data Logger Module RD81DL96"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= first 2  digits of serial number are 02",
                "product": {
                  "name": "EtherNet/IP Network Interface Module RJ71EIP91: First 2 digits of serial number are 02 or before",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "EtherNet/IP Network Interface Module RJ71EIP91"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= first 2  digits of serial number are 01",
                "product": {
                  "name": "PROFINET IO Controller Module RJ71PN92: First 2 digits of serial number are 01 or before",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "PROFINET IO Controller Module RJ71PN92"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= first 2  digits of serial number are 04",
                "product": {
                  "name": "MES Interface Module RD81MES96N: First 2 digits of serial number are 04 or before",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "MES Interface Module RD81MES96N"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-5653",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5653 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5653"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-5654",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5654 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5654"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-5655",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5655 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5655"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-5656",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5656 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5656"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-5657",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5657 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5657"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-5658",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5658 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5658"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    }
  ]
}

fkie_cve-2020-5654

Vulnerability from fkie_nvd

Published

2020-11-02 21:15

Modified

2024-11-21 05:34

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/vu/JVNVU92513419/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf	Vendor Advisory
vultures@jpcert.or.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU92513419/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
mitsubishielectric	melsec_iq-rj71eip91_firmware	-
mitsubishielectric	melsec_iq-rj71eip91	-
mitsubishielectric	melsec_iq-rj71pn92_firmware	-
mitsubishielectric	melsec_iq-rj71pn92	-
mitsubishielectric	melsec_iq-rd81dl96_firmware	-
mitsubishielectric	melsec_iq-rd81dl96	-
mitsubishielectric	melsec_iq-rd81mes96n_firmware	-
mitsubishielectric	melsec_iq-rd81mes96n	-
mitsubishielectric	melsec_iq-rd81opc96_firmware	-
mitsubishielectric	melsec_iq-rd81opc96	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9596438-7894-4689-BB8B-5FC2C26A1298",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "668C0031-6B41-487A-958C-E2C8A04E902B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F81F4A0C-68C9-474F-A695-CC7A2CB234D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DE76F0-810F-460A-933B-41E341125A9D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDBB7DF2-C0D9-4F19-966A-C1EFF42BE6D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC1B4D6-10A5-4DDE-BCF3-01CAE5389232",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7285B9D4-9913-4421-9B47-DA4E9E7C6371",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F76CBB13-1949-4941-A985-CB75D0109E47",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "14A32E47-C23B-4D2C-9B7E-1C080B1D7011",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B179ED-8ACC-45EB-92A8-476A4F9F98E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en la funci\u00f3n TCP/IP incluida en el firmware de la serie MELSEC iQ-R (los 2 d\u00edgitos del n\u00famero de serie son \"02\" o anteriores del EtherNet/IP Network Interface Module First RJ71EIP91, los 2 d\u00edgitos del n\u00famero de serie es \"01\" o anteriores del PROFINET IO Controller Module First RJ71PN92, los 2 d\u00edgitos del n\u00famero de serie son \"08\" o anteriores del High Speed Data Logger Module First RD81DL96, los 2 d\u00edgitos del n\u00famero de serie son \"04\" o anteriores del MES Interface Module First RD81MES96N, y los primeros de 2 d\u00edgitos del n\u00famero de serie son \"04\" o anteriores a OPC UA Server Module First RD81OPC96), permite a un atacante remoto no autenticado detener las funciones de red de los productos por medio de un paquete especialmente dise\u00f1ado"
    }
  ],
  "id": "CVE-2020-5654",
  "lastModified": "2024-11-21T05:34:25.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-02T21:15:33.837",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-202011-1250

Vulnerability from variot

Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. ‥ * Buffer error (CWE-119) - CVE-2020-5653 ‥ * Session immobilization (CWE-384) - CVE-2020-5654 ‥ * NULL Pointer dereference (CWE-476) - CVE-2020-5655 ‥ * Inappropriate access control (CWE-284) - CVE-2020-5656 ‥ * Insert or change arguments (CWE-88) - CVE-2020-5657 ‥ * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product's network functionality to stop or malicious programs to run

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1250",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "melsec iq-rj71pn92",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": null
      },
      {
        "model": "melsec iq-rd81dl96",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": null
      },
      {
        "model": "melsec iq-rd81opc96",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": null
      },
      {
        "model": "melsec iq-rd81mes96n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": null
      },
      {
        "model": "melsec iq-rj71eip91",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": null
      },
      {
        "model": "melsec iq-r series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "ethernet/ip \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rj71eip91: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d02\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
      },
      {
        "model": "melsec iq-r series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "mes \u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rd81mes96n: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
      },
      {
        "model": "melsec iq-r series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "opc ua \u30b5\u30fc\u30d0\u30e6\u30cb\u30c3\u30c8 rd81opc96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
      },
      {
        "model": "melsec iq-r series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "profinet io \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30e6\u30cb\u30c3\u30c8 rj71pn92: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d01\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
      },
      {
        "model": "melsec iq-r series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mitsubishi electric",
        "version": "\u9ad8\u901f\u30c7\u30fc\u30bf\u30ed\u30ac\u30fc\u30e6\u30cb\u30c3\u30c8 rd81dl96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d08\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5654"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5654"
      }
    ]
  },
  "cve": "CVE-2020-5654",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-5654",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-009429",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 1.6,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-009429",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 1.6,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-5654",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 7.1,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-009429",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-009429",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2020-009429",
            "trust": 2.4,
            "value": "High"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-009429",
            "trust": 1.6,
            "value": "Critical"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-5654",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-009429",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202010-1665",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1665"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5654"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. \u2025 * Buffer error (CWE-119) - CVE-2020-5653 \u2025 * Session immobilization (CWE-384) - CVE-2020-5654 \u2025 * NULL Pointer dereference (CWE-476) - CVE-2020-5655 \u2025 * Inappropriate access control (CWE-284) - CVE-2020-5656 \u2025 * Insert or change arguments (CWE-88) - CVE-2020-5657 \u2025 * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product\u0027s network functionality to stop or malicious programs to run",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5654"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVNVU92513419",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5654",
        "trust": 2.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-303-02",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3753",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1665",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5654",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-5654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1665"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5654"
      }
    ]
  },
  "id": "VAR-202011-1250",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.21111111
  },
  "last_update_date": "2022-05-04T09:15:37.854000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MELSEC iQ-R\u30b7\u30ea\u30fc\u30ba\u306e\u5404\u7a2e\u60c5\u5831\uff0f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30e6\u30cb\u30c3\u30c8\u306e TCP/IP\u6a5f\u80fd\u306b\u304a\u3051\u308b\u8907\u6570\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
      },
      {
        "title": "Multiple Mitsubishi Electric Product Authorization Issue Vulnerability Fixing Measures",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=133129"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1665"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-384",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5654"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://jvn.jp/vu/jvnvu92513419/index.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-303-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5654"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5655"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5656"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5657"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5658"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5653"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92513419/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3753/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5654"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-5654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1665"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5654"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-5654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1665"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5654"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-11-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-5654"
      },
      {
        "date": "2020-11-05T06:29:48",
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "date": "2020-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-1665"
      },
      {
        "date": "2020-11-02T21:15:00",
        "db": "NVD",
        "id": "CVE-2020-5654"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-11-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-5654"
      },
      {
        "date": "2020-11-05T06:29:48",
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      },
      {
        "date": "2020-11-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-1665"
      },
      {
        "date": "2020-11-10T15:27:00",
        "db": "NVD",
        "id": "CVE-2020-5654"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1665"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Made by Mitsubishi Electric  MELSEC iQ-R Multiple vulnerabilities in the series",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009429"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1665"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-5654 (GCVE-0-2020-5654)

Vulnerability from cvelistv5

gsd-2020-5654

Vulnerability from gsd

ghsa-pxwp-48rr-37f8

Vulnerability from github

icsa-20-303-02

Vulnerability from csaf_cisa

ICSA-20-303-02

Vulnerability from csaf_cisa

fkie_cve-2020-5654

Vulnerability from fkie_nvd

var-202011-1250

Vulnerability from variot

Tags

Sightings

Nomenclature