CVE-2021-20613
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/01/2022
Last modified:
21/01/2022
Description
Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, FX3U-ENET-L Firmware version 1.16 and prior and FX3U-ENET-P502 Firmware version 1.16 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product by sending specially crafted packets. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:mitsubishielectric:fx3u-enet_firmware:*:*:*:*:*:*:*:* | 1.16 (including) | |
| cpe:2.3:h:mitsubishielectric:fx3u-enet:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:fx3u-enet-l_firmware:*:*:*:*:*:*:*:* | 1.16 (including) | |
| cpe:2.3:h:mitsubishielectric:fx3u-enet-l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:fx3u-enet-p502_firmware:*:*:*:*:*:*:*:* | 1.16 (including) | |
| cpe:2.3:h:mitsubishielectric:fx3u-enet-p502:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



