CVE-2021-20591

HIGH | CVSS 7.5/10 | EPSS 1.50%

CVE-2021-20591 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition. EPSS estimates a 1.50% chance of exploitation in the next 30 days.

Description

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
1.50%

70.9th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Mitsubishielectric | R00cpu Firmware | All versions
Mitsubishielectric | R01cpu Firmware | All versions
Mitsubishielectric | R02cpu Firmware | All versions
Mitsubishielectric | R04cpu Firmware | All versions
Mitsubishielectric | R08cpu Firmware | All versions
Mitsubishielectric | R16cpu Firmware | All versions
Mitsubishielectric | R32cpu Firmware | All versions
Mitsubishielectric | R120cpu Firmware | All versions
Mitsubishielectric | R08sfcpu Firmware | All versions
Mitsubishielectric | R16sfcpu Firmware | All versions
Mitsubishielectric | R32sfcpu Firmware | All versions
Mitsubishielectric | R120sfcpu Firmware | All versions
Mitsubishielectric | R08pcpu Firmware | All versions
Mitsubishielectric | R16pcpu Firmware | All versions
Mitsubishielectric | R32pcpu Firmware | All versions
Mitsubishielectric | R120pcpu Firmware | All versions
Mitsubishielectric | R08psfcpu Firmware | All versions
Mitsubishielectric | R16psfcpu Firmware | All versions
Mitsubishielectric | R32psfcpu Firmware | All versions
Mitsubishielectric | R120psfcpu Firmware | All versions

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2021-20591?
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.
How severe is CVE-2021-20591?
CVE-2021-20591 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.50% probability of exploitation in the next 30 days.
How do I fix CVE-2021-20591?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST