Vulnerabilities > CVE-2021-20599 - Unspecified vulnerability in Mitsubishielectric products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mitsubishielectric

NVD

Published: 2021-10-14

Updated: 2024-11-21

Summary

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.

Vulnerable Configurations

Part	Description	Count
OS	Mitsubishielectric Mitsubishielectric R08Sfcpu Firmware * Mitsubishielectric R16Sfcpu Firmware * Mitsubishielectric R32Sfcpu Firmware * Mitsubishielectric R120Sfcpu Firmware * Mitsubishielectric R08Psfcpu Firmware * Mitsubishielectric R16Psfcpu Firmware * Mitsubishielectric R32Psfcpu Firmware * Mitsubishielectric R120Psfcpu Firmware *	8
Hardware	Mitsubishielectric Mitsubishielectric R08Sfcpu - Mitsubishielectric R16Sfcpu - Mitsubishielectric R32Sfcpu - Mitsubishielectric R120Sfcpu - Mitsubishielectric R08Psfcpu - Mitsubishielectric R16Psfcpu - Mitsubishielectric R32Psfcpu - Mitsubishielectric R120Psfcpu -	8

Summary

Vulnerable Configurations

References