CVE-2020-5652
Last modified
CVE-2020-5652 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .. EPSS estimates a 3.53% chance of exploitation in the next 30 days.
Description
Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Melsec Q-Q04udpvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q06udpvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q13udpvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q26udpvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q03udvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q04udvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q13udvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q26udvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q03udecpu Firmware | 22081 |
| Mitsubishielectric | Melsec Q-Q04udehcpu Firmware | 22081 |
| Mitsubishielectric | Melsec Q-Q06udehcpu Firmware | 22081 |
| Mitsubishielectric | Melsec Q-Q10udehcpu Firmware | 22081 |
| Mitsubishielectric | Melsec Q-Q13udehcpu Firmware | 22081 |
| Mitsubishielectric | Melsec Q-Q20udehcpu Firmware | 22081 |
| Mitsubishielectric | Melsec Q-Q26udehcpu Firmware | 22081 |
| Mitsubishielectric | Melsec Q-Q50udehcpu Firmware | 22081 |
| Mitsubishielectric | Melsec Q-Q100udehcpu Firmware | 22081 |
| Mitsubishielectric | Melsec Iq-R08sfcpu Firmware | 22 |
| Mitsubishielectric | Melsec Iq-R16sfcpu Firmware | 22 |
| Mitsubishielectric | Melsec Iq-R32sfcpu Firmware | 22 |
| Mitsubishielectric | Melsec Iq-R120sfcpu Firmware | 22 |
| Mitsubishielectric | Melsec Iq-R04encpu Firmware | 52 |
| Mitsubishielectric | Melsec Iq-R08encpu Firmware | 52 |
| Mitsubishielectric | Melsec Iq-R16encpu Firmware | 52 |
| Mitsubishielectric | Melsec Iq-R32encpu Firmware | 52 |
| Mitsubishielectric | Melsec Iq-R120encpu Firmware | 52 |
| Mitsubishielectric | Melsec Iq-R00cpu Firmware | 20 |
| Mitsubishielectric | Melsec Iq-R01cpu Firmware | 20 |
| Mitsubishielectric | Melsec Iq-R02cpu Firmware | 20 |
| Mitsubishielectric | Melsec Iq-R08pcpu Firmware | All versions |
| Mitsubishielectric | Melsec Iq-R08psfcpu Firmware | All versions |
| Mitsubishielectric | Melsec Iq-R120pcpu Firmware | All versions |
| Mitsubishielectric | Melsec Iq-R120psfcpu Firmware | All versions |
| Mitsubishielectric | Melsec Iq-R16mtcpu Firmware | All versions |
| Mitsubishielectric | Melsec Iq-R16pcpu Firmware | All versions |
| Mitsubishielectric | Melsec Iq-R16psfcpu Firmware | All versions |
| Mitsubishielectric | Melsec Iq-R32mtcpu Firmware | All versions |
| Mitsubishielectric | Melsec Iq-R32pcpu Firmware | All versions |
| Mitsubishielectric | Melsec Iq-R32psfcpu Firmware | All versions |
| Mitsubishielectric | Melsec Iq-R64mtcpu Firmware | All versions |
| Mitsubishielectric | Melsec L02cpu-P Firmware | All versions |
| Mitsubishielectric | Melsec L06cpu-P Firmware | All versions |
| Mitsubishielectric | Melsec L26cpu-P Firmware | All versions |
| Mitsubishielectric | Melsec L26cpu-Pbt Firmware | All versions |
| Mitsubishielectric | Melsec Q-Q170mcpu Firmware | All versions |
| Mitsubishielectric | Melsec Q-Q170mscpu-S1 Firmware | All versions |
| Mitsubishielectric | Melsec Q-Q172dcpu-S1 Firmware | All versions |
| Mitsubishielectric | Melsec Q-Q172dscpu Firmware | All versions |
| Mitsubishielectric | Melsec Q-Q173dcpu-S1 Firmware | All versions |
| Mitsubishielectric | Melsec Q-Q173dscpu Firmware | All versions |
Showing 50 of 51 affected configurations. See NVD for the full list.
References
- https://jvn.jp/vu/JVNVU96558207/index.htmlThird Party Advisory
- https://jvn.jp/vu/JVNVU96558207/index.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-5652?
How severe is CVE-2020-5652?
How do I fix CVE-2020-5652?
Are you affected by CVE-2020-5652?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST