CVE-2020-5652 - Vulnerability Details

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.02972.

Key SSVC decision points have not yet been added.

Vendors	Products
Mitsubishielectric Subscribe	Melsec Iq-r00cpu Subscribe Melsec Iq-r00cpu Firmware Subscribe Melsec Iq-r01cpu Subscribe Melsec Iq-r01cpu Firmware Subscribe Melsec Iq-r02cpu Subscribe Melsec Iq-r02cpu Firmware Subscribe Melsec Iq-r04encpu Subscribe Melsec Iq-r04encpu Firmware Subscribe Melsec Iq-r08encpu Subscribe Melsec Iq-r08encpu Firmware Subscribe Melsec Iq-r08pcpu Subscribe Melsec Iq-r08pcpu Firmware Subscribe Melsec Iq-r08psfcpu Subscribe Melsec Iq-r08psfcpu Firmware Subscribe Melsec Iq-r08sfcpu Subscribe Melsec Iq-r08sfcpu Firmware Subscribe Melsec Iq-r120encpu Subscribe Melsec Iq-r120encpu Firmware Subscribe Melsec Iq-r120pcpu Subscribe Melsec Iq-r120pcpu Firmware Subscribe Melsec Iq-r120psfcpu Subscribe Melsec Iq-r120psfcpu Firmware Subscribe Melsec Iq-r120sfcpu Subscribe Melsec Iq-r120sfcpu Firmware Subscribe Melsec Iq-r16encpu Subscribe Melsec Iq-r16encpu Firmware Subscribe Melsec Iq-r16mtcpu Subscribe Melsec Iq-r16mtcpu Firmware Subscribe Melsec Iq-r16pcpu Subscribe Melsec Iq-r16pcpu Firmware Subscribe Melsec Iq-r16psfcpu Subscribe Melsec Iq-r16psfcpu Firmware Subscribe Melsec Iq-r16sfcpu Subscribe Melsec Iq-r16sfcpu Firmware Subscribe Melsec Iq-r32encpu Subscribe Melsec Iq-r32encpu Firmware Subscribe Melsec Iq-r32mtcpu Subscribe Melsec Iq-r32mtcpu Firmware Subscribe Melsec Iq-r32pcpu Subscribe Melsec Iq-r32pcpu Firmware Subscribe Melsec Iq-r32psfcpu Subscribe Melsec Iq-r32psfcpu Firmware Subscribe Melsec Iq-r32sfcpu Subscribe Melsec Iq-r32sfcpu Firmware Subscribe Melsec Iq-r64mtcpu Subscribe Melsec Iq-r64mtcpu Firmware Subscribe Melsec L02cpu-p Subscribe Melsec L02cpu-p Firmware Subscribe Melsec L06cpu-p Subscribe Melsec L06cpu-p Firmware Subscribe Melsec L26cpu-p Subscribe Melsec L26cpu-p Firmware Subscribe Melsec L26cpu-pbt Subscribe Melsec L26cpu-pbt Firmware Subscribe Melsec Q-q03udecpu Subscribe Melsec Q-q03udecpu Firmware Subscribe Melsec Q-q03udvcpu Subscribe Melsec Q-q03udvcpu Firmware Subscribe Melsec Q-q04udehcpu Subscribe Melsec Q-q04udehcpu Firmware Subscribe Melsec Q-q04udpvcpu Subscribe Melsec Q-q04udpvcpu Firmware Subscribe Melsec Q-q04udvcpu Subscribe Melsec Q-q04udvcpu Firmware Subscribe Melsec Q-q06udehcpu Subscribe Melsec Q-q06udehcpu Firmware Subscribe Melsec Q-q06udpvcpu Subscribe Melsec Q-q06udpvcpu Firmware Subscribe Melsec Q-q100udehcpu Subscribe Melsec Q-q100udehcpu Firmware Subscribe Melsec Q-q10udehcpu Subscribe Melsec Q-q10udehcpu Firmware Subscribe Melsec Q-q13udehcpu Subscribe Melsec Q-q13udehcpu Firmware Subscribe Melsec Q-q13udpvcpu Subscribe Melsec Q-q13udpvcpu Firmware Subscribe Melsec Q-q13udvcpu Subscribe Melsec Q-q13udvcpu Firmware Subscribe Melsec Q-q170mcpu Subscribe Melsec Q-q170mcpu Firmware Subscribe Melsec Q-q170mscpu-s1 Subscribe Melsec Q-q170mscpu-s1 Firmware Subscribe Melsec Q-q172dcpu-s1 Subscribe Melsec Q-q172dcpu-s1 Firmware Subscribe Melsec Q-q172dscpu Subscribe Melsec Q-q172dscpu Firmware Subscribe Melsec Q-q173dcpu-s1 Subscribe Melsec Q-q173dcpu-s1 Firmware Subscribe Melsec Q-q173dscpu Subscribe Melsec Q-q173dscpu Firmware Subscribe Melsec Q-q20udehcpu Subscribe Melsec Q-q20udehcpu Firmware Subscribe Melsec Q-q26udehcpu Subscribe Melsec Q-q26udehcpu Firmware Subscribe Melsec Q-q26udpvcpu Subscribe Melsec Q-q26udpvcpu Firmware Subscribe Melsec Q-q26udvcpu Subscribe Melsec Q-q26udvcpu Firmware Subscribe Melsec Q-q50udehcpu Subscribe Melsec Q-q50udehcpu Firmware Subscribe Melsec Q-qmr-mq100 Subscribe Melsec Q-qmr-mq100 Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q04udpvcpu_firmware:22031:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q04udpvcpu:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q06udpvcpu_firmware:22031:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q06udpvcpu:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q13udpvcpu_firmware:22031:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q13udpvcpu:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q26udpvcpu_firmware:22031:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q26udpvcpu:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q03udvcpu_firmware:22031:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q03udvcpu:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q04udvcpu_firmware:22031:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q04udvcpu:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q13udvcpu_firmware:22031:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q13udvcpu:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q26udvcpu_firmware:22031:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q26udvcpu:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q03udecpu_firmware:22081:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q04udehcpu_firmware:22081:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q06udehcpu_firmware:22081:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q10udehcpu_firmware:22081:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q13udehcpu_firmware:22081:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q20udehcpu_firmware:22081:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q26udehcpu_firmware:22081:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q50udehcpu_firmware:22081:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q100udehcpu_firmware:22081:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r08sfcpu_firmware:22:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r08sfcpu:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r16sfcpu_firmware:22:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r16sfcpu:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r32sfcpu_firmware:22:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r32sfcpu:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r120sfcpu_firmware:22:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r120sfcpu:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r04encpu_firmware:52:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r04encpu:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r08encpu_firmware:52:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r08encpu:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r16encpu_firmware:52:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r16encpu:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r32encpu_firmware:52:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r32encpu:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r120encpu_firmware:52:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r120encpu:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r00cpu_firmware:20:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r00cpu:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r01cpu_firmware:20:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r01cpu:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r02cpu_firmware:20:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r02cpu:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r08pcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r08pcpu:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r08psfcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r08psfcpu:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r120pcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r120pcpu:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r120psfcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r120psfcpu:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r16mtcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r16mtcpu:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r16pcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r16pcpu:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r16psfcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r16psfcpu:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r32mtcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r32mtcpu:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r32pcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r32pcpu:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r32psfcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r32psfcpu:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_iq-r64mtcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_iq-r64mtcpu:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_l02cpu-p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_l06cpu-p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_l26cpu-p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_l26cpu-pbt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q170mcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q170mcpu:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q170mscpu-s1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q170mscpu-s1:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q172dcpu-s1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q172dcpu-s1:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q172dscpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q172dscpu:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q173dcpu-s1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q173dcpu-s1:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-q173dscpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-q173dscpu:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:mitsubishielectric:melsec_q-qmr-mq100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:melsec_q-qmr-mq100:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-26813	Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://jvn.jp/vu/JVNVU96558207/index.html
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdf
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdf

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2020-10-30T03:35:51

Updated: 2024-08-04T08:39:25.481Z

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5652

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-11-02T21:15:33.697

Modified: 2024-11-21T05:34:25.693

Link: CVE-2020-5652

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-400

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object