GHSA-C9MW-29G5-HF3H
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-07-13 00:01Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-VD" of RV-FR-D- all versions, controller "CR800-HD" of RH-FRH-D- all versions, controller "CR800-HRD" of RH-FRHR-D- all versions, controller "CR800-VR with R16RTCPU" of RV-*FR-R- all versions, controller "CR800-HR with R16RTCPU" of RH-FRH-R- all versions, controller "CR800-HRR with R16RTCPU" of RH-FRHR-R- all versions, controller "CR800-VQ with Q172DSRCPU" of RV-FR-Q- all versions, controller "CR800-HQ with Q172DSRCPU" of RH-FRH-Q- all versions, controller "CR800-HRQ with Q172DSRCPU" of RH-FRHR-Q- all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D- all versions, controller "CR800-CHD" of RH-CRH-D- all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D- all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.
{
"affected": [],
"aliases": [
"CVE-2021-20586"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-29T15:15:00Z",
"severity": "HIGH"
},
"details": "Resource management errors vulnerability in a robot controller of MELFA FR Series(controller \"CR800-*V*D\" of RV-*FR***-D-* all versions, controller \"CR800-*HD\" of RH-*FRH***-D-* all versions, controller \"CR800-*HRD\" of RH-*FRHR***-D-* all versions, controller \"CR800-*V*R with R16RTCPU\" of RV-*FR***-R-* all versions, controller \"CR800-*HR with R16RTCPU\" of RH-*FRH***-R-* all versions, controller \"CR800-*HRR with R16RTCPU\" of RH-*FRHR***-R-* all versions, controller \"CR800-*V*Q with Q172DSRCPU\" of RV-*FR***-Q-* all versions, controller \"CR800-*HQ with Q172DSRCPU\" of RH-*FRH***-Q-* all versions, controller \"CR800-*HRQ with Q172DSRCPU\" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller \"CR800-CVD\" of RV-8CRL-D-* all versions, controller \"CR800-CHD\" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller \"CR800-05VD\" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.",
"id": "GHSA-c9mw-29g5-hf3h",
"modified": "2022-07-13T00:01:05Z",
"published": "2022-05-24T17:40:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20586"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.