#VU29430 Resource exhaustion in Mitsubishi Electric products - CVE-2020-5603
Published: July 1, 2020
Vulnerability identifier: #VU29430
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-5603
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
CPU Module Logging Configuration Tool
CW Configurator
EM Software Development Kit
GT Designer3
GX LogViewer
GX Works2
GX Works3
M_CommDTM-HART
M_CommDTM-IO-Link
MELFA-Works
MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool
MELSOFT FieldDeviceConfigurator
MELSOFT iQ AppPortal
MELSOFT Navigator
MI Configurator
Motion Control Setting
MR Configurator2
MT Works2
RT ToolBox2
RT ToolBox3
Software vendor:
Mitsubishi Electric
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install updates from the vendor's website.