Vulnerability-Lookup

CNVD-2020-46803

Vulnerability from cnvd - Published: 2020-08-19

Title

Mitsubishi Electric MELSEC iQ-R系列资源消耗漏洞

Description

Misubishi Electric MELSEC iQ-R series是日本三菱电机（Misubishi Electric）公司的一款可编程逻辑控制器。 Mitsubishi Electric MELSEC iQ-R系列资源消耗漏洞，攻击者可通过在短时间内发送大量特制的数据包利用该漏洞消耗大量资源，进而导致以太网端口拒绝服务。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.mitsubishielectric.com/

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-161-02

Impacted products

Name
['Mitsubishi Electric R04/08/16/32/120ENCPU <=39', 'Mitsubishi Electric R00/01/02CPU <=7', 'Mitsubishi Electric R08/16/32/120SFCPU <=20', 'Mitsubishi Electric R08/16/32/120PCPU', 'Mitsubishi Electric R08/16/32/120PSFCPU', 'Mitsubishi Electric RJ71EN71', 'Mitsubishi Electric R04/08/16/32/120CPU <=39']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-13238"
    }
  },
  "description": "Misubishi Electric MELSEC iQ-R series\u662f\u65e5\u672c\u4e09\u83f1\u7535\u673a\uff08Misubishi Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002\n\nMitsubishi Electric MELSEC iQ-R\u7cfb\u5217\u8d44\u6e90\u6d88\u8017\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5728\u77ed\u65f6\u95f4\u5185\u53d1\u9001\u5927\u91cf\u7279\u5236\u7684\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u6d88\u8017\u5927\u91cf\u8d44\u6e90\uff0c\u8fdb\u800c\u5bfc\u81f4\u4ee5\u592a\u7f51\u7aef\u53e3\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.mitsubishielectric.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-46803",
  "openTime": "2020-08-19",
  "products": {
    "product": [
      "Mitsubishi Electric R04/08/16/32/120ENCPU \u003c=39",
      "Mitsubishi Electric R00/01/02CPU \u003c=7",
      "Mitsubishi Electric R08/16/32/120SFCPU \u003c=20",
      "Mitsubishi Electric R08/16/32/120PCPU",
      "Mitsubishi Electric R08/16/32/120PSFCPU",
      "Mitsubishi Electric RJ71EN71",
      "Mitsubishi Electric R04/08/16/32/120CPU \u003c=39"
    ]
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-161-02",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-10",
  "title": "Mitsubishi Electric MELSEC iQ-R\u7cfb\u5217\u8d44\u6e90\u6d88\u8017\u6f0f\u6d1e"
}

CVE-2020-13238 (GCVE-0-2020-13238)

Vulnerability from cvelistv5 – Published: 2020-06-10 19:53 – Updated: 2024-08-04 12:11

Summary

Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.mitsubishielectric.com/en/psirt/vulne…	x_refsource_CONFIRM
	http://jvn.jp/vu/JVNVU97662844/index.html	x_refsource_MISC
	https://www.us-cert.gov/ics/advisories/icsa-20-161-02	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.452Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-001_en.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/vu/JVNVU97662844/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-10T20:05:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-001_en.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/vu/JVNVU97662844/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13238",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-001_en.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-001_en.pdf"
            },
            {
              "name": "http://jvn.jp/vu/JVNVU97662844/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/vu/JVNVU97662844/index.html"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-02",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-13238",
    "datePublished": "2020-06-10T19:53:01",
    "dateReserved": "2020-05-20T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-46803

CVE-2020-13238 (GCVE-0-2020-13238)

Tags

Sightings

Nomenclature