CVE-2021-20586

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

29/01/2021

Last modified:

12/07/2022

Description

Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x

7.50

Severity 3.x

HIGH

Vector 2.0

AV:N/AC:L/Au:N/C:N/I:N/A:C CVSS v2.0 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete

Base Score 2.0

7.80

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:mitsubishielectric:rv2fr_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv2fr:-:::::::*
cpe:2.3:o:mitsubishielectric:rv2frl_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv2frl:-:::::::*
cpe:2.3:o:mitsubishielectric:rv4fr_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv4fr:-:::::::*
cpe:2.3:o:mitsubishielectric:rv4frl_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv4frl:-:::::::*
cpe:2.3:o:mitsubishielectric:rv7fr_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv7fr:-:::::::*
cpe:2.3:o:mitsubishielectric:rv7frl_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv7frl:-:::::::*
cpe:2.3:o:mitsubishielectric:rv7frll_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv7frll:-:::::::*
cpe:2.3:o:mitsubishielectric:rv13fr_firmware::::::::

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf

CPE	From	Up to
cpe:2.3:o:mitsubishielectric:rv2fr_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv2fr:-:::::::*
cpe:2.3:o:mitsubishielectric:rv2frl_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv2frl:-:::::::*
cpe:2.3:o:mitsubishielectric:rv4fr_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv4fr:-:::::::*
cpe:2.3:o:mitsubishielectric:rv4frl_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv4frl:-:::::::*
cpe:2.3:o:mitsubishielectric:rv7fr_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv7fr:-:::::::*
cpe:2.3:o:mitsubishielectric:rv7frl_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv7frl:-:::::::*
cpe:2.3:o:mitsubishielectric:rv7frll_firmware::::::::
cpe:2.3:h:mitsubishielectric:rv7frll:-:::::::*
cpe:2.3:o:mitsubishielectric:rv13fr_firmware::::::::