All the vulnerabilites related to mitsubishielectric - r64mtcpu
cve-2020-16850
Vulnerability from cvelistv5
Published
2020-11-30 21:34
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series | x_refsource_MISC | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:45:33.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T21:34:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series",
"refsource": "MISC",
"url": "https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16850",
"datePublished": "2020-11-30T21:34:28",
"dateReserved": "2020-08-04T00:00:00",
"dateUpdated": "2024-08-04T13:45:33.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-11-30 22:15
Modified
2024-11-21 05:07
Severity ?
Summary
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series | Third Party Advisory | |
| cve@mitre.org | https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r00cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4E159-7ECF-4812-95E1-3C8A61B41C3F",
"versionEndIncluding": "20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r00cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A23F21-9C5F-4CB3-BA20-4195B2165D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r01cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EA80A6F-79B8-4C58-9D0D-F7D423B16B04",
"versionEndIncluding": "20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r01cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CADF6528-4B25-4779-A06F-2C4DF91DAE90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r02cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8BF074-220A-46BF-8B4E-7B30637FC997",
"versionEndIncluding": "20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r02cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D753C47-ED9C-453F-AC1F-C50476BE61C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r04cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0D8F6B-F137-4A05-8F78-55119F12B3A0",
"versionEndIncluding": "52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r04cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEEF15E-FE32-4610-9E14-891069573E4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r08cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83D2C9C7-B838-4EE1-87D9-BBD9FA3C5D30",
"versionEndIncluding": "52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r08cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DAA2202-88D5-4329-BF51-0F18C350C45C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r16cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE02A6F0-DB39-441C-B6A0-86611A7BAA80",
"versionEndIncluding": "52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r16cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30016EA0-FB24-4382-8960-6A75D32C9BD7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r32cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8DEE4EE-73F6-437A-B00F-AAC76EA4266E",
"versionEndIncluding": "52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r32cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF6EB84-7D97-4606-A90F-9D443CBC4755",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r120cpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A130EB-63CF-4766-AFA6-66BC90118153",
"versionEndIncluding": "52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r120cpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7D08E-D3D1-48D4-9440-B94B7A2BD662",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E49CF5A5-8F0E-4E41-9B6F-15641CD32E29",
"versionEndIncluding": "22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B185323A-C9E3-48A0-AD28-DA7AC7846E18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "844B3E94-7F24-4523-AE29-55D5C55D4A99",
"versionEndIncluding": "22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BBE066-33C4-4410-85D3-4B77B3773330",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15096442-7E6B-4846-9A8F-01023A54DFA0",
"versionEndIncluding": "22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6304BE-DAEE-49AB-B0B1-CEE6878CBECE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE2946C-E8C0-4253-B84C-16A81767343E",
"versionEndIncluding": "22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "515BDC46-5A1C-4A94-816A-B4751BB1B58D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r08pcpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63442274-452B-4361-A2AD-2ACBD699B150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r08pcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3845683A-A4D2-422F-9736-D0D7A430555F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r16pcpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0EA636-84E9-4DAA-BE39-DBA9D7B857F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r16pcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA04F2DD-4D51-4D4F-B3C7-D5EFACAD6EFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r32pcpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "275C5686-5333-440F-8C85-8C2FB91FC2DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r32pcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA2A77C-86CE-48E1-87A4-A69895102D49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r120pcpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC951AC-3538-4711-A034-6C1A94AD797F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r120pcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FE9EA6-6BCE-40F7-8AE8-173F7CDF3EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r16mtcpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6627431-2E42-4D76-A6D7-D75756BC63AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r16mtcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "921A907D-DD83-44C7-BEFA-A1A38679FFB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r32mtcpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9E24CF-45D3-4162-BE69-92FE571C0189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r32mtcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD83C6E4-56E8-4854-8711-B280D7626021",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:r64mtcpu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BEF3452-1DDC-4D43-BD82-AB877451F57D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:r64mtcpu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1F2092-ABFD-4510-84C3-C0945512C15B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2."
},
{
"lang": "es",
"value": "Los PLC de la serie Mitsubishi MELSEC iQ-R con firmware 49 permiten a un atacante no autenticado detener el proceso industrial enviando un paquete dise\u00f1ado a trav\u00e9s de la red. Este ataque de denegaci\u00f3n de servicio expone una Validaci\u00f3n de Entrada Inapropiada. Despu\u00e9s de detenerse, el acceso f\u00edsico al PLC es requerido para restaurar la producci\u00f3n y se pierde el estado del dispositivo. Esto est\u00e1 relacionado con R04CPU, RJ71GF11-T2, R04CPU y RJ71GF11-T2"
}
],
"id": "CVE-2020-16850",
"lastModified": "2024-11-21T05:07:16.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-30T22:15:10.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}