#VU50839 Heap-based buffer overflow in Mitsubishi Electric products - CVE-2021-20587


Vulnerability identifier: #VU50839

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-20587

CWE-ID: CWE-122

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Setting/monitoring tools for the C Controller module
Other software / Other software solutions
Data Transfer
Other software / Other software solutions
EZSocket
Other software / Other software solutions
MH11 SettingTool Version2
Other software / Other software solutions
CPU Module Logging Configuration Tool
Client/Desktop applications / Software for system administration
CW Configurator
Client/Desktop applications / Software for system administration
Mitsubishi Electric FR Configurator2
Client/Desktop applications / Software for system administration
FR Configurator
Client/Desktop applications / Software for system administration
FR Configurator SW3
Client/Desktop applications / Software for system administration
GT Designer3
Client/Desktop applications / Software for system administration
GX Configurator-DP
Client/Desktop applications / Software for system administration
GX Configurator-QP
Client/Desktop applications / Software for system administration
GX Developer
Client/Desktop applications / Software for system administration
GX LogViewer
Client/Desktop applications / Software for system administration
GX RemoteService-I
Client/Desktop applications / Software for system administration
GX Works2
Client/Desktop applications / Software for system administration
GX Works3
Client/Desktop applications / Software for system administration
M_CommDTM-HART
Client/Desktop applications / Software for system administration
M_CommDTM-IO-Link
Client/Desktop applications / Software for system administration
MELFA-Works
Client/Desktop applications / Software for system administration
MELSOFT EM Software Development Kit (EM Configurator)
Client/Desktop applications / Software for system administration
MELSOFT Navigator
Client/Desktop applications / Software for system administration
MI Configurator
Client/Desktop applications / Software for system administration
MT Works2
Client/Desktop applications / Software for system administration
RT ToolBox2
Client/Desktop applications / Software for system administration
RT ToolBox3
Client/Desktop applications / Software for system administration
SLMP Data Collector
Client/Desktop applications / Software for system administration
GT SoftGOT1000 Version3
Server applications / SCADA systems
GT SoftGOT2000 Version1
Server applications / SCADA systems
MELSEC WinCPU Setting Utility
Operating systems & Components / Operating system package or component
MX Component
Universal components / Libraries / Libraries used by multiple products
Network Interface Board CC IE Control utility
Server applications / Other server solutions
Network Interface Board CC IE Field Utility
Server applications / Other server solutions
Network Interface Board CC-Link Ver.2 Utility
Server applications / Other server solutions
Network Interface Board MNETH utility
Server applications / Other server solutions
PX Developer
Client/Desktop applications / Other client software

Vendor: Mitsubishi Electric

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can spoof MELSEC, GOT or FREQROL and return crafted reply packets, trigger heap-based buffer overflow and cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Setting/monitoring tools for the C Controller module: All versions

CPU Module Logging Configuration Tool: All versions

CW Configurator: All versions

Data Transfer: All versions

EZSocket: All versions

Mitsubishi Electric FR Configurator2: All versions

FR Configurator: All versions

FR Configurator SW3: All versions

GT Designer3: All versions

GT SoftGOT1000 Version3: All versions

GT SoftGOT2000 Version1: All versions

GX Configurator-DP: 7.14Q

GX Configurator-QP: All versions

GX Developer: All versions

GX LogViewer: All versions

GX RemoteService-I: All versions

GX Works2: 1.597X

GX Works3: 1.070Y

M_CommDTM-HART: All versions

M_CommDTM-IO-Link: All versions

MELFA-Works: All versions

MELSEC WinCPU Setting Utility: All versions

MELSOFT EM Software Development Kit (EM Configurator): All versions

MELSOFT Navigator: All versions

MH11 SettingTool Version2: All versions

MI Configurator: All versions

MT Works2: All versions

MX Component: All versions

Network Interface Board CC IE Control utility: All versions

Network Interface Board CC IE Field Utility: All versions

Network Interface Board CC-Link Ver.2 Utility: All versions

Network Interface Board MNETH utility: All versions

PX Developer: All versions

RT ToolBox2: All versions

RT ToolBox3: All versions

SLMP Data Collector: All versions

External links
https://jvn.jp/vu/JVNVU92330101/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in lMitsubishi Electric FA engineering software products