CVE-2020-16850
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
30/11/2020
Last modified:
21/07/2021
Description
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:mitsubishielectric:r00cpu_firmware:*:*:*:*:*:*:*:* | 20 (including) | |
| cpe:2.3:h:mitsubishielectric:r00cpu:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:r01cpu_firmware:*:*:*:*:*:*:*:* | 20 (including) | |
| cpe:2.3:h:mitsubishielectric:r01cpu:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:r02cpu_firmware:*:*:*:*:*:*:*:* | 20 (including) | |
| cpe:2.3:h:mitsubishielectric:r02cpu:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:r04cpu_firmware:*:*:*:*:*:*:*:* | 52 (including) | |
| cpe:2.3:h:mitsubishielectric:r04cpu:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:r08cpu_firmware:*:*:*:*:*:*:*:* | 52 (including) | |
| cpe:2.3:h:mitsubishielectric:r08cpu:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:r16cpu_firmware:*:*:*:*:*:*:*:* | 52 (including) | |
| cpe:2.3:h:mitsubishielectric:r16cpu:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:r32cpu_firmware:*:*:*:*:*:*:*:* | 52 (including) | |
| cpe:2.3:h:mitsubishielectric:r32cpu:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:r120cpu_firmware:*:*:*:*:*:*:*:* | 52 (including) |
To consult the complete list of CPE names with products and versions, see this page