Strix
26.1K

CVE-2021-20610

HIGHCVSS 7.5/10EPSS 3.08%

Last modified

CVE-2021-20610 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.. EPSS estimates a 3.08% chance of exploitation in the next 30 days.

Description

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
3.08%

86.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
MitsubishiMelsec Iq-R R00 Cpu Firmware<= 24
MitsubishiMelsec Iq-R R01 Cpu Firmware<= 24
MitsubishiMelsec Iq-R R02 Cpu Firmware<= 24
MitsubishiMelsec Iq-R R04 Cpu Firmware<= 57
MitsubishiMelsec Iq-R R08 Cpu Firmware<= 57
MitsubishiMelsec Iq-R R120 Cpu Firmware<= 57
MitsubishiMelsec Iq-R R16 Cpu Firmware<= 57
MitsubishiMelsec Iq-R R32 Cpu Firmware<= 57
MitsubishiMelsec Iq-R R04 Pcpu Firmware<= 29
MitsubishiMelsec Iq-R R08 Pcpu Firmware<= 29
MitsubishiMelsec Iq-R R16 Pcpu Firmware<= 29
MitsubishiMelsec Iq-R R32 Pcpu Firmware<= 29
MitsubishiMelsec Iq-R R120 Pcpu Firmware<= 29
MitsubishiMelsec Iq-R R08 Sfcpu FirmwareAll versions
MitsubishiMelsec Iq-R R16 Sfcpu FirmwareAll versions
MitsubishiMelsec Iq-R R32 Sfcpu FirmwareAll versions
MitsubishiMelsec Iq-R R120 Sfcpu FirmwareAll versions
MitsubishiMelsec Iq-R R16 Mtcpu FirmwareAll versions
MitsubishiMelsec Iq-R R32 Mtcpu FirmwareAll versions
MitsubishiMelsec Iq-R R64 Mtcpu FirmwareAll versions
MitsubishiMelsec Iq-R R12 Ccpu-V FirmwareAll versions
MitsubishiMelsec Q03udecpu FirmwareAll versions
MitsubishiMelsec Q04udecpu FirmwareAll versions
MitsubishiMelsec Q06udecpu FirmwareAll versions
MitsubishiMelsec Q10udecpu FirmwareAll versions
MitsubishiMelsec Q13udecpu FirmwareAll versions
MitsubishiMelsec Q20udecpu FirmwareAll versions
MitsubishiMelsec Q26udecpu FirmwareAll versions
MitsubishiMelsec Q50udecpu FirmwareAll versions
MitsubishiMelsec Q100udecpu FirmwareAll versions
MitsubishiMelsec Q03udvcpu FirmwareAll versions
MitsubishiMelsec Q04udvcpu FirmwareAll versions
MitsubishiMelsec Q06udvcpu FirmwareAll versions
MitsubishiMelsec Q13udvcpu FirmwareAll versions
MitsubishiMelsec Q26udvcpu FirmwareAll versions
MitsubishiMelsec Q04udpvcpu FirmwareAll versions
MitsubishiMelsec Q06udpvcpu FirmwareAll versions
MitsubishiMelsec Q13udpvcpu FirmwareAll versions
MitsubishiMelsec Q26udpvcpu FirmwareAll versions
MitsubishiMelsec Q12dccpu-V FirmwareAll versions
MitsubishiMelsec Q24dhccpu-V\(G\) FirmwareAll versions
MitsubishiMelsec Q24dhccpu-Ls FirmwareAll versions
MitsubishiMelsec Q26dhccpu-Ls FirmwareAll versions
MitsubishiMelsec Mr-Mq100 FirmwareAll versions
MitsubishiMelsec Q172dcpu-S1 FirmwareAll versions
MitsubishiMelsec Q173dcpu-S1 FirmwareAll versions
MitsubishiMelsec Q172dscpu FirmwareAll versions
MitsubishiMelsec Q173dscpu FirmwareAll versions
MitsubishiMelsec Q170mscpu\(-S1\) FirmwareAll versions
MitsubishiMelsec Q170mcpu FirmwareAll versions

Showing 50 of 59 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-20610?
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
How severe is CVE-2021-20610?
CVE-2021-20610 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 3.08% probability of exploitation in the next 30 days.
How do I fix CVE-2021-20610?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-20610?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST