CVE-2020-5656
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/11/2020
Last modified:
10/11/2020
Description
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page