Vulnerabilities > CVE-2021-20596 - NULL Pointer Dereference vulnerability in Mitsubishielectric products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 |
Common Weakness Enumeration (CWE)
References
- https://jvn.jp/vu/JVNVU94348759/index.html
- https://jvn.jp/vu/JVNVU94348759/index.html
- https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01
- https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf