Vulnerabilities > CVE-2020-5656 - Unspecified vulnerability in Mitsubishielectric products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mitsubishielectric

NVD

Published: 2020-11-02

Updated: 2020-11-10

Summary

Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Vulnerable Configurations

Part	Description	Count
OS	Mitsubishielectric Mitsubishielectric Melsec IQ Rj71Eip91 Firmware - Mitsubishielectric Melsec IQ Rj71Pn92 Firmware - Mitsubishielectric Melsec IQ Rd81Dl96 Firmware - Mitsubishielectric Melsec IQ Rd81Mes96N Firmware - Mitsubishielectric Melsec IQ Rd81Opc96 Firmware -	5
Hardware	Mitsubishielectric Mitsubishielectric Melsec IQ Rj71Eip91 - Mitsubishielectric Melsec IQ Rj71Pn92 - Mitsubishielectric Melsec IQ Rd81Dl96 - Mitsubishielectric Melsec IQ Rd81Mes96N - Mitsubishielectric Melsec IQ Rd81Opc96 -	5

Summary

Vulnerable Configurations

References