Vulnerabilities > CVE-2020-5545 - Unspecified vulnerability in Mitsubishielectric Iu1-1M20-D Firmware 1.0.7

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mitsubishielectric

critical

NVD

Published: 2020-03-16

Updated: 2020-03-19

Summary

TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet.

Vulnerable Configurations

Part	Description	Count
OS	Mitsubishielectric Mitsubishielectric IU1 1M20 D Firmware - Mitsubishielectric IU1 1M20 D Firmware 1.0.7	2
Hardware	Mitsubishielectric Mitsubishielectric IU1 1M20 D -	1

References

https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf
https://jvn.jp/en/vu/JVNVU92370624/index.html