Main Vulnerability Database SB2020110210

SB2020110210 - Denial of service in Mitsubishi Electric MELSEC iQ-R, Q and L Series

Published: November 2, 2020

Security Bulletin ID SB2020110210

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource exhaustion (CVE-ID: CVE-2020-5652)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send a specially crafted packet, trigger resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

Vulnerable Software

MELSEC iQ-R 00 CPU: 20 and previous versions
MELSEC iQ-R 01 CPU: 20 and previous versions
MELSEC iQ-R 02 CPU: 20 and previous versions
MELSEC iQ-R 04 (EN) CPU: 52 and previous versions
MELSEC iQ-R 08 (EN) CPU: 52 and previous versions
MELSEC iQ-R 16 (EN) CPU: 52 and previous versions
MELSEC iQ-R 32 (EN) CPU: 52 and previous versions
MELSEC iQ-R 120 (EN) CPU: 52 and previous versions
MELSEC iQ-R 08 SFCPU: 22 and previous versions
MELSEC iQ-R 16 SFCPU: 22 and previous versions
MELSEC iQ-R 32 SFCPU: 22 and previous versions
MELSEC iQ-R 120 SFCPU: 22 and previous versions
MELSEC iQ-R 08 PCPU: All versions
MELSEC iQ-R 16 PCPU: All versions
MELSEC iQ-R 32 PCPU: All versions
MELSEC iQ-R 120 PCPU: All versions
MELSEC iQ-R 08 PSFCPU: All versions
MELSEC iQ-R 16 PSFCPU: All versions
MELSEC iQ-R 32 PSFCPU: All versions
MELSEC iQ-R 120 PSFCPU: All versions
MELSEC iQ-R 16 MTCPU: All versions
MELSEC iQ-R 32 MTCPU: All versions
MELSEC iQ-R 64 MTCPU: All versions
MELSEC iQ-Q 03 UDECPU: 22081 and previous versions
MELSEC iQ-Q 04 UDEHCPU: 22081 and previous versions
MELSEC iQ-Q 06 UDEHCPU: 22081 and previous versions
MELSEC iQ-Q 10 UDEHCPU: 22081 and previous versions
MELSEC iQ-Q 13 UDEHCPU: 22081 and previous versions
MELSEC iQ-Q 20 UDEHCPU: 22081 and previous versions
MELSEC iQ-Q 26 UDEHCPU: 22081 and previous versions
MELSEC iQ-Q 50 UDEHCPU: 22081 and previous versions
MELSEC iQ-Q 100 UDEHCPU: 22081 and previous versions
MELSEC iQ-Q 03 UDVCPU: 22031 and previous versions
MELSEC iQ-Q 04 UDVCPU: 22031 and previous versions
MELSEC iQ-Q 06 UDVCPU: 22031 and previous versions
MELSEC iQ-Q 13 UDVCPU: 22031 and previous versions
MELSEC iQ-Q 26 UDVCPU: 22031 and previous versions
MELSEC iQ-Q 04 UDPVCPU: 22031 and previous versions
MELSEC iQ-Q 06 UDPVCPU: 22031 and previous versions
MELSEC iQ-Q 13 UDPVCPU: 22031 and previous versions
MELSEC iQ-Q 26 UDPVCPU: 22031 and previous versions
MELSEC iQ-Q 172 DCPU-S1: All versions
MELSEC iQ-Q 173 DCPU-S1: All versions
MELSEC iQ-Q 172 DSCPU: All versions
MELSEC iQ-Q 173 DSCPU: All versions
MELSEC iQ-Q 170 MCPU: All versions
MELSEC iQ-Q 170 MSCPU(-S1): All versions
MELSEC iQ-Q MR-MQ100: All versions
MELSEC-L L02CPU-P: All versions
MELSEC-L L06CPU-P: All versions
MELSEC-L L26CPU-P: All versions
MELSEC-L L26CPU-PBT: All versions

SB2020110210 - Denial of service in Mitsubishi Electric MELSEC iQ-R, Q and L Series

Breakdown by Severity

Description

Remediation

References

Please verify you're human