CVE-2020-13238

Name: CVE-2020-13238
Creator: NVD / NIST
Published: 2020-06-10T20:15:14.14+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 3.34%

Last modified Jun 17, 2026

CVE-2020-13238 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.. EPSS estimates a 3.34% chance of exploitation in the next 30 days.

Description

Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

3.34%

87.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

Affected Software

Vendor	Product	Versions
Mitsubishielectric	Melsec Iq-R00cpu Firmware	<= 7
Mitsubishielectric	Melsec Iq-R01cpu Firmware	<= 7
Mitsubishielectric	Melsec Iq-R02cpu Firmware	<= 7
Mitsubishielectric	Melsec Iq-R04cpu Firmware	<= 39
Mitsubishielectric	Melsec Iq-R08cpu Firmware	<= 39
Mitsubishielectric	Melsec Iq-R16cpu Firmware	<= 39
Mitsubishielectric	Melsec Iq-R32cpu Firmware	<= 39
Mitsubishielectric	Melsec Iq-R120cpu Firmware	<= 39
Mitsubishielectric	Melsec Iq-R08fcpu Firmware	<= 20
Mitsubishielectric	Melsec Iq-R16fcpu Firmware	<= 20
Mitsubishielectric	Melsec Iq-R32fcpu Firmware	<= 20
Mitsubishielectric	Melsec Iq-R120fcpu Firmware	<= 20
Mitsubishielectric	Melsec Iq-R08pcpu Firmware	All versions
Mitsubishielectric	Melsec Iq-R16pcpu Firmware	All versions
Mitsubishielectric	Melsec Iq-R32pcpu Firmware	All versions
Mitsubishielectric	Melsec Iq-R120pcpu Firmware	All versions
Mitsubishielectric	Melsec Iq-R08sfcpu Firmware	All versions
Mitsubishielectric	Melsec Iq-R16sfcpu Firmware	All versions
Mitsubishielectric	Melsec Iq-R32sfcpu Firmware	All versions
Mitsubishielectric	Melsec Iq-R120sfcpu Firmware	All versions
Mitsubishielectric	Melsec Iq-Rj71en71 Firmware	All versions

References

http://jvn.jp/vu/JVNVU97662844/index.htmlThird Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-001_en.pdfVendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-161-02Third Party Advisory, US Government Resource
http://jvn.jp/vu/JVNVU97662844/index.htmlThird Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-001_en.pdfVendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-161-02Third Party Advisory, US Government Resource

Timeline

Published: Jun 10, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-13238?

How severe is CVE-2020-13238?

CVE-2020-13238 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 3.34% probability of exploitation in the next 30 days.

How do I fix CVE-2020-13238?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-13238?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST