cvelistv5 - cve-2021-20596

cve-2021-20596

Vulnerability from cvelistv5

Published

2021-07-22 11:02

Modified

2024-08-03 17:45

Severity ?

Summary

References

URL	Tags
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://jvn.jp/vu/JVNVU94348759/index.html	Patch, Third Party Advisory
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01	Third Party Advisory
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU94348759/index.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	MELSEC-F Series FX3U-ENET; FX3U-ENET-L; FX3U-ENET-P502	Version: Firmware version 1.14 and prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.834Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU94348759/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MELSEC-F Series FX3U-ENET; FX3U-ENET-L; FX3U-ENET-P502",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware version 1.14 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-30T20:02:26",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/vu/JVNVU94348759/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
          "ID": "CVE-2021-20596",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MELSEC-F Series FX3U-ENET; FX3U-ENET-L; FX3U-ENET-P502",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Firmware version 1.14 and prior"
                          },
                          {
                            "version_value": "Firmware version 1.14 and prior"
                          },
                          {
                            "version_value": "Firmware version 1.14 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "NULL Pointer Dereference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf",
              "refsource": "MISC",
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU94348759/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/vu/JVNVU94348759/index.html"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2021-20596",
    "datePublished": "2021-07-22T11:02:56",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:44.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-20596\",\"sourceIdentifier\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"published\":\"2021-07-22T12:15:07.787\",\"lastModified\":\"2024-11-21T05:46:50.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery.\"},{\"lang\":\"es\",\"value\":\"Una desreferencia de puntero NULL en MELSEC-F Series FX3U-ENET versiones de firmware 1.14 y anteriores, FX3U-ENET-L versiones de firmware 1.14 y anteriores, y FX3U-ENET-P502 versiones de firmware 1.14 y anteriores, permite a un atacante remoto no autenticado causar una condici\u00f3n de Denegaci\u00f3n de Servicio en la comunicaci\u00f3n mediante el env\u00edo de paquetes especialmente dise\u00f1ados. El control por parte del PLC de la serie MELSEC-F no est\u00e1 afectado y es requerido un reinicio del sistema para la recuperaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:fx3u-enet-l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.14\",\"matchCriteriaId\":\"C54E1F47-E0A3-4C49-A219-84175C7B8108\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:fx3u-enet-p502_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.14\",\"matchCriteriaId\":\"72D73FF4-10B4-4F70-B603-27775A21B9F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:fx3u-enet_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.14\",\"matchCriteriaId\":\"BF1D75C8-9E0A-4A2A-A9B6-3A944721DFC4\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU94348759/index.html\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/vu/JVNVU94348759/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

ICSA-21-201-01

Vulnerability from csaf_cisa

Published

2021-07-20 00:00

Modified

2021-07-20 00:00

Summary

Mitsubishi Electric MELSEC-F Series

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability may cause a denial-of-service condition in communication with the product. System reset may be required for recovery.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Mitsubishi Electric",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability may cause a denial-of-service condition in communication with the product. System reset may be required for recovery.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-21-201-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-201-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-21-201-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-201-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Mitsubishi Electric MELSEC-F Series",
    "tracking": {
      "current_release_date": "2021-07-20T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-21-201-01",
      "initial_release_date": "2021-07-20T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2021-07-20T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-21-201-01 Mitsubishi Electric MELSEC-F Series"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.14",
                "product": {
                  "name": "FX3U-ENET-P502: Firmware Version 1.14 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "FX3U-ENET-P502"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.14",
                "product": {
                  "name": "FX3U-ENET-L: Firmware Version 1.14 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "FX3U-ENET-L"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.14",
                "product": {
                  "name": "FX3U-ENET: Firmware Version 1.14 and prior",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "FX3U-ENET"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-20596",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Malicious attacker may cause a denial-of-service condition in communication with the product by sending specially crafted packets.CVE-2021-20596 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20596"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "FX3U-ENET: Firmware Version 1.16 or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FX3U-ENET-L: Firmware Version 1.16 or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FX3U-ENET-P502: Firmware Version 1.16 or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use a firewall or virtual private network (VPN), etc., to prevent unauthorized access when Internet access is required.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use within a LAN and block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to the Mitsubishi Electric advisory for further details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

icsa-21-201-01

Vulnerability from csaf_cisa

Published

2021-07-20 00:00

Modified

2021-07-20 00:00

Summary

Mitsubishi Electric MELSEC-F Series

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

Successful exploitation of this vulnerability may cause a denial-of-service condition in communication with the product. System reset may be required for recovery.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Mitsubishi Electric",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability may cause a denial-of-service condition in communication with the product. System reset may be required for recovery.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-21-201-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-201-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-21-201-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-201-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Mitsubishi Electric MELSEC-F Series",
    "tracking": {
      "current_release_date": "2021-07-20T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-21-201-01",
      "initial_release_date": "2021-07-20T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2021-07-20T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-21-201-01 Mitsubishi Electric MELSEC-F Series"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.14",
                "product": {
                  "name": "FX3U-ENET-P502: Firmware Version 1.14 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "FX3U-ENET-P502"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.14",
                "product": {
                  "name": "FX3U-ENET-L: Firmware Version 1.14 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "FX3U-ENET-L"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.14",
                "product": {
                  "name": "FX3U-ENET: Firmware Version 1.14 and prior",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "FX3U-ENET"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-20596",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Malicious attacker may cause a denial-of-service condition in communication with the product by sending specially crafted packets.CVE-2021-20596 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20596"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "FX3U-ENET: Firmware Version 1.16 or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FX3U-ENET-L: Firmware Version 1.16 or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FX3U-ENET-P502: Firmware Version 1.16 or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use a firewall or virtual private network (VPN), etc., to prevent unauthorized access when Internet access is required.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use within a LAN and block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to the Mitsubishi Electric advisory for further details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

fkie_cve-2021-20596

Vulnerability from fkie_nvd

Published

2021-07-22 12:15

Modified

2024-11-21 05:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://jvn.jp/vu/JVNVU94348759/index.html	Patch, Third Party Advisory
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01	Third Party Advisory
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU94348759/index.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mitsubishielectric	fx3u-enet-l_firmware	*
mitsubishielectric	fx3u-enet-p502_firmware	*
mitsubishielectric	fx3u-enet_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-enet-l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54E1F47-E0A3-4C49-A219-84175C7B8108",
              "versionEndIncluding": "1.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-enet-p502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D73FF4-10B4-4F70-B603-27775A21B9F1",
              "versionEndIncluding": "1.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-enet_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1D75C8-9E0A-4A2A-A9B6-3A944721DFC4",
              "versionEndIncluding": "1.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery."
    },
    {
      "lang": "es",
      "value": "Una desreferencia de puntero NULL en MELSEC-F Series FX3U-ENET versiones de firmware 1.14 y anteriores, FX3U-ENET-L versiones de firmware 1.14 y anteriores, y FX3U-ENET-P502 versiones de firmware 1.14 y anteriores, permite a un atacante remoto no autenticado causar una condici\u00f3n de Denegaci\u00f3n de Servicio en la comunicaci\u00f3n mediante el env\u00edo de paquetes especialmente dise\u00f1ados. El control por parte del PLC de la serie MELSEC-F no est\u00e1 afectado y es requerido un reinicio del sistema para la recuperaci\u00f3n"
    }
  ],
  "id": "CVE-2021-20596",
  "lastModified": "2024-11-21T05:46:50.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-22T12:15:07.787",
  "references": [
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU94348759/index.html"
    },
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01"
    },
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU94348759/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf"
    }
  ],
  "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-202107-0288

Vulnerability from variot

NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery. Made by Mitsubishi Electric MELSEC F series Ethernet Interface blocks NULL Pointer reference (CWE-476 , CVE-2021-20596) A vulnerability exists. This vulnerability information is provided by the developer for the purpose of making it known to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.If the product receives a malicious packet crafted by a remote third party, an error will occur and communication will interfere with service operation. (DoS) It may be in a state. In addition, by resetting the system, service operation is interrupted. (DoS) Recovery from the state is possible. According to the developer MELSEC F It has no effect on the control of the basic units of the series. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Misubishi Electric Mitsubishi Electric MELSEC-F Series is a basic micro PLC with scalability of analog and communication functions for industrial control equipment of Mitsubishi Electric Corporation. Mitsubishi Electric MELSEC-F Series contains a code issue vulnerability that could cause a denial of service condition for communication with the product

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0288",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fx3u-enet",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "1.14"
      },
      {
        "model": "fx3u-enet-p502",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "1.14"
      },
      {
        "model": "fx3u-enet-l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "1.14"
      },
      {
        "model": "fx3u-enet",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": "-p502 firmware    1.14  and earlier"
      },
      {
        "model": "fx3u-enet",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": "-l firmware    1.14  and earlier"
      },
      {
        "model": "fx3u-enet",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": "firmware    1.14  and earlier"
      },
      {
        "model": "fx3u-enet-l",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": null
      },
      {
        "model": "fx3u-enet-p502",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": "firmware    1.14  and earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002007"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20596"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mitsubishi Electric reported this vulnerability to CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1555"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-20596",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-20596",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-378272",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-20596",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-002007",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-20596",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2021-002007",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202107-1555",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-378272",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-378272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20596"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery. Made by Mitsubishi Electric MELSEC F series Ethernet Interface blocks NULL Pointer reference (CWE-476 , CVE-2021-20596) A vulnerability exists. This vulnerability information is provided by the developer for the purpose of making it known to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.If the product receives a malicious packet crafted by a remote third party, an error will occur and communication will interfere with service operation. (DoS) It may be in a state. In addition, by resetting the system, service operation is interrupted. (DoS) Recovery from the state is possible. According to the developer MELSEC F It has no effect on the control of the basic units of the series. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Misubishi Electric Mitsubishi Electric MELSEC-F Series is a basic micro PLC with scalability of analog and communication functions for industrial control equipment of Mitsubishi Electric Corporation. Mitsubishi Electric MELSEC-F Series contains a code issue vulnerability that could cause a denial of service condition for communication with the product",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-20596"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-378272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20596"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-20596",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU94348759",
        "trust": 2.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-201-01",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002007",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1555",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072103",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2464",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-378272",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20596",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-378272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20596"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20596"
      }
    ]
  },
  "id": "VAR-202107-0288",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-378272"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T13:03:17.705000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MELSEC\u00a0F series Ethernet Denial of service in interface block DoS ) Vulnerability",
        "trust": 0.8,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-006.pdf"
      },
      {
        "title": "MELSEC-F FX3U-ENET Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157423"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1555"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.1
      },
      {
        "problemtype": "NULL Pointer dereference (CWE-476) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-378272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002007"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20596"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01"
      },
      {
        "trust": 1.8,
        "url": "https://jvn.jp/vu/jvnvu94348759/index.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu94348759"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20596"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2464"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072103"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-378272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20596"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20596"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-378272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20596"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20596"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-378272"
      },
      {
        "date": "2021-07-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-20596"
      },
      {
        "date": "2021-07-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002007"
      },
      {
        "date": "2021-07-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-1555"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-07-22T12:15:07.787000",
        "db": "NVD",
        "id": "CVE-2021-20596"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-378272"
      },
      {
        "date": "2021-07-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-20596"
      },
      {
        "date": "2021-07-26T05:48:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002007"
      },
      {
        "date": "2021-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-1555"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-02T14:25:16.287000",
        "db": "NVD",
        "id": "CVE-2021-20596"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1555"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Made by Mitsubishi Electric \u00a0MELSEC\u00a0F\u00a0 series \u00a0Ethernet\u00a0 In the interface block \u00a0NULL\u00a0 Pointer reference vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002007"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1555"
      }
    ],
    "trust": 0.6
  }
}

gsd-2021-20596

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-20596

Aliases

CVE-2021-20596

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20596",
    "description": "NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery.",
    "id": "GSD-2021-20596"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20596"
      ],
      "details": "NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery.",
      "id": "GSD-2021-20596",
      "modified": "2023-12-13T01:23:11.979554Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
        "ID": "CVE-2021-20596",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MELSEC-F Series FX3U-ENET; FX3U-ENET-L; FX3U-ENET-P502",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Firmware version 1.14 and prior"
                        },
                        {
                          "version_value": "Firmware version 1.14 and prior"
                        },
                        {
                          "version_value": "Firmware version 1.14 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "NULL Pointer Dereference"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf"
          },
          {
            "name": "https://jvn.jp/vu/JVNVU94348759/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/vu/JVNVU94348759/index.html"
          },
          {
            "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01",
            "refsource": "MISC",
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx3u-enet-l_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.14",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx3u-enet-p502_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.14",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mitsubishielectric:fx3u-enet_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
          "ID": "CVE-2021-20596"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU94348759/index.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/vu/JVNVU94348759/index.html"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-08-02T14:25Z",
      "publishedDate": "2021-07-22T12:15Z"
    }
  }
}

ghsa-wrr3-chw5-r88x

Vulnerability from github

Published

2022-05-24 19:09

Modified

2022-05-24 19:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-20596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-22T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery.",
  "id": "GHSA-wrr3-chw5-r88x",
  "modified": "2022-05-24T19:09:02Z",
  "published": "2022-05-24T19:09:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20596"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU94348759/index.html"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2021-20596

Vulnerability from cvelistv5

ICSA-21-201-01

Vulnerability from csaf_cisa

icsa-21-201-01

Vulnerability from csaf_cisa

fkie_cve-2021-20596

Vulnerability from fkie_nvd

var-202107-0288

Vulnerability from variot

gsd-2021-20596

Vulnerability from gsd

ghsa-wrr3-chw5-r88x

Vulnerability from github

Tags

Sightings

Nomenclature