CVE-2021-20586

Name: CVE-2021-20586
Creator: NVD / NIST
Published: 2021-01-29T15:15:12.833+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 2.74%

Last modified Jun 17, 2026

CVE-2021-20586 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. EPSS estimates a 2.74% chance of exploitation in the next 30 days.

Description

Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

2.74%

84.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Mitsubishielectric	Rv2fr Firmware	All versions
Mitsubishielectric	Rv2frl Firmware	All versions
Mitsubishielectric	Rv4fr Firmware	All versions
Mitsubishielectric	Rv4frl Firmware	All versions
Mitsubishielectric	Rv7fr Firmware	All versions
Mitsubishielectric	Rv7frl Firmware	All versions
Mitsubishielectric	Rv7frll Firmware	All versions
Mitsubishielectric	Rv13fr Firmware	All versions
Mitsubishielectric	Rv13frl Firmware	All versions
Mitsubishielectric	Rv20fr Firmware	All versions
Mitsubishielectric	Rh1frhr Firmware	All versions
Mitsubishielectric	Rh3frhr Firmware	All versions
Mitsubishielectric	Rh3frh35 Firmware	All versions
Mitsubishielectric	Rh3frh45 Firmware	All versions
Mitsubishielectric	Rh3frh55 Firmware	All versions
Mitsubishielectric	Rh6frh35 Firmware	All versions
Mitsubishielectric	Rh6frh45 Firmware	All versions
Mitsubishielectric	Rh6frh55 Firmware	All versions
Mitsubishielectric	Rh12frh55 Firmware	All versions
Mitsubishielectric	Rh12rfh70 Firmware	All versions
Mitsubishielectric	Rh12frh85 Firmware	All versions
Mitsubishielectric	Rh20frh85 Firmware	All versions
Mitsubishielectric	Rh20frh100 Firmware	All versions
Mitsubishielectric	Rv2fr\(B\) Firmware	All versions
Mitsubishielectric	Rv2frl\(B\) Firmware	All versions
Mitsubishielectric	Rv4frm\/C Firmware	All versions
Mitsubishielectric	Rv4frlm\/C Firmware	All versions
Mitsubishielectric	Rv7frm\/C Firmware	All versions
Mitsubishielectric	Rv7frlm\/C Firmware	All versions
Mitsubishielectric	Rv7frllm\/C Firmware	All versions
Mitsubishielectric	Rv13frm\/C Firmware	All versions
Mitsubishielectric	Rv13frlm\/C Firmware	All versions
Mitsubishielectric	Rv20frm\/C Firmware	All versions

References

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdfVendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdfVendor Advisory

Timeline

Published: Jan 29, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-20586?

How severe is CVE-2021-20586?

CVE-2021-20586 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 2.74% probability of exploitation in the next 30 days.

How do I fix CVE-2021-20586?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-20586?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST