Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.
References
Link | Resource |
---|---|
https://jvn.jp/vu/JVNVU98060539/index.html | Third Party Advisory |
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-003_en.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
Configuration 20 (hide)
AND |
|
History
22 Jun 2021, 20:05
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-400 | |
CPE | cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r32cpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r01cpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r08pcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r02cpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r02cpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r120cpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r32pcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r16pcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r04cpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r16pcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r04cpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r08cpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r08pcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r16cpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r00cpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r120pcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r01cpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r120pcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r32pcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r32cpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r00cpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r08cpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r120cpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r16cpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.8
v3 : 7.5 |
References | (MISC) https://jvn.jp/vu/JVNVU98060539/index.html - Third Party Advisory | |
References | (MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-003_en.pdf - Vendor Advisory |
11 Jun 2021, 17:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-11 16:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-20591
Mitre link : CVE-2021-20591
CVE.ORG link : CVE-2021-20591
JSON object : View
Products Affected
mitsubishielectric
- r08cpu_firmware
- r120pcpu_firmware
- r02cpu_firmware
- r01cpu
- r04cpu
- r08sfcpu_firmware
- r00cpu
- r32sfcpu
- r32psfcpu_firmware
- r32cpu
- r120cpu
- r04cpu_firmware
- r120sfcpu
- r16cpu
- r32pcpu
- r16psfcpu
- r08pcpu
- r120cpu_firmware
- r32cpu_firmware
- r32sfcpu_firmware
- r32pcpu_firmware
- r01cpu_firmware
- r16sfcpu_firmware
- r16cpu_firmware
- r08sfcpu
- r16sfcpu
- r120psfcpu
- r02cpu
- r08psfcpu_firmware
- r32psfcpu
- r16psfcpu_firmware
- r00cpu_firmware
- r120sfcpu_firmware
- r08pcpu_firmware
- r120pcpu
- r16pcpu_firmware
- r16pcpu
- r08psfcpu
- r08cpu
- r120psfcpu_firmware
CWE
CWE-400
Uncontrolled Resource Consumption