Main Vulnerability Database SB2020061030

SB2020061030 - Denial of service in Mitsubishi Electric MELSEC iQ-R series

Published: June 10, 2020

Security Bulletin ID SB2020061030

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource exhaustion (CVE-ID: CVE-2020-13238)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send specially crafted packets, trigger resource exhaustion and perform a denial of service (DoS) attack.

This vulnerability affects the following MELSEC iQ-R series modules:

R04/08/16/32/120CPU, R04/08/16/32/120ENCPU: Firmware Versions 39 or earlier
R00/01/02CPU: Firmware Versions 7 or earlier
R08/16/32/120SFCPU: Firmware Versions 20 or earlier
R08/16/32/120PCPU: All versions
R08/16/32/120PSFCPU: All versions
RJ71EN71: All versions

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/icsa-20-161-02