Resource exhaustion in Mitsubishi Electric products - CVE-2020-5603
Published: July 1, 2020
Vulnerability identifier: #VU29430
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-5603
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mitsubishi Electric
Affected software:
CPU Module Logging Configuration Tool
CW Configurator
EM Software Development Kit
GT Designer3
GX LogViewer
GX Works2
GX Works3
M_CommDTM-HART
M_CommDTM-IO-Link
MELFA-Works
MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool
MELSOFT FieldDeviceConfigurator
MELSOFT iQ AppPortal
MELSOFT Navigator
MI Configurator
Motion Control Setting
MR Configurator2
MT Works2
RT ToolBox2
RT ToolBox3
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
How to mitigate CVE-2020-5603
Install updates from the vendor's website.