Vulnerabilities > CVE-2020-5655 - NULL Pointer Dereference vulnerability in Mitsubishielectric products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

mitsubishielectric

CWE-476

NVD

Published: 2020-11-02

Updated: 2020-11-10

Summary

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Vulnerable Configurations

Part	Description	Count
OS	Mitsubishielectric Mitsubishielectric Melsec IQ Rj71Eip91 Firmware - Mitsubishielectric Melsec IQ Rj71Pn92 Firmware - Mitsubishielectric Melsec IQ Rd81Dl96 Firmware - Mitsubishielectric Melsec IQ Rd81Mes96N Firmware - Mitsubishielectric Melsec IQ Rd81Opc96 Firmware -	5
Hardware	Mitsubishielectric Mitsubishielectric Melsec IQ Rj71Eip91 - Mitsubishielectric Melsec IQ Rj71Pn92 - Mitsubishielectric Melsec IQ Rd81Dl96 - Mitsubishielectric Melsec IQ Rd81Mes96N - Mitsubishielectric Melsec IQ Rd81Opc96 -	5

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References