CVE-2020-5657
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/11/2020
Last modified:
10/11/2020
Description
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
3.30
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page