Vulnerabilites related to Mitsubishi Electric - MELSEC F series
var-202003-1411
Vulnerability from variot
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R , iQ-F , Q , L , F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company.
Many Mitsubishi Electric products have resource management error vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cr800-q",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q25prhcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r32encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12prhcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3u",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3g",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-pbt",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q26dhccpu-ls",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r16encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5u",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l06cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12dccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q25phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3uc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r32cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r120encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3s",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r120cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q02phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-ls",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l06cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r08cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q172dscpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r00cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-bt",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r04encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-vg2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r16cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3gc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r01cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r02cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q06phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q173nccpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q173dscpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r08encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02scpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02scpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r04cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec f series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec iq-f series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec iq-r series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec l series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec q series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric melsec iq-r series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec iq-f series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec q series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec l series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec f series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_f_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
}
]
},
"cve": "CVE-2020-5527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5527",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002958",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-29576",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5527",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002958",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5527",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-002958",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-29576",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1699",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R \uff0c iQ-F \uff0c Q \uff0c L \uff0c F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company. \n\r\n\r\nMany Mitsubishi Electric products have resource management error vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5527"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5527",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91553662",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-091-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-29576",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1157",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"id": "VAR-202003-1411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
]
},
"last_update_date": "2024-11-23T20:02:16.059000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSOFT\u4ea4\u4fe1\u30dd\u30fc\u30c8\uff08UDP/IP\uff09\u306b\u304a\u3051\u308b\u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-005.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu91553662/index.html"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5527"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-091-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91553662/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5527"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1157/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"date": "2020-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"date": "2020-03-30T08:15:17.640000",
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"date": "2020-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"date": "2020-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"date": "2024-11-21T05:34:13.020000",
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC Of the series MELSOFT Resource exhaustion vulnerability in communication ports",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
],
"trust": 0.6
}
}
jvndb-2020-002958
Vulnerability from jvndb
Published
2020-03-31 13:37
Modified
2020-04-01 14:45
Severity ?
Summary
Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port
Details
MELSOFT transmission port (UDP/IP) of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue (CWE-400). When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition.
Mitsubishi Electric Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU91553662/ | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5527 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-5527 | |
| ICS-CERT ADVISORY | https://www.us-cert.gov/ics/advisories/icsa-20-091-02 | |
| Uncontrolled Resource Consumption ('Resource Exhaustion')(CWE-400) | https://cwe.mitre.org/data/definitions/400.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-002958.html",
"dc:date": "2020-04-01T14:45+09:00",
"dcterms:issued": "2020-03-31T13:37+09:00",
"dcterms:modified": "2020-04-01T14:45+09:00",
"description": "MELSOFT transmission port (UDP/IP) of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue (CWE-400). When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition.\r\n\r\nMitsubishi Electric Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-002958.html",
"sec:cpe": [
{
"#text": "cpe:/a:mitsubishielectric:melsec_f_series",
"@product": "MELSEC F series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-l_firmware",
"@product": "MELSEC L series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-q_firmware",
"@product": "MELSEC Q series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-f_firmware",
"@product": "MELSEC iQ-F series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-r_firmware",
"@product": "MELSEC iQ-R series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-002958",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91553662/",
"@id": "JVNVU#91553662",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5527",
"@id": "CVE-2020-5527",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5527",
"@id": "CVE-2020-5527",
"@source": "NVD"
},
{
"#text": "https://www.us-cert.gov/ics/advisories/icsa-20-091-02",
"@id": "ICSA-20-091-02",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://cwe.mitre.org/data/definitions/400.html",
"@id": "CWE-400",
"@title": "Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)(CWE-400)"
}
],
"title": "Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port"
}