CVE-2020-5527 - Vulnerability Details

When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00468.

Key SSVC decision points have not yet been added.

Vendors	Products
Mitsubishielectric Subscribe	Cr800-q Subscribe Cr800-q Firmware Subscribe Fx3g Subscribe Fx3g Firmware Subscribe Fx3gc Subscribe Fx3gc Firmware Subscribe Fx3s Subscribe Fx3s Firmware Subscribe Fx3u Subscribe Fx3u Firmware Subscribe Fx3uc Subscribe Fx3uc Firmware Subscribe Fx5u Subscribe Fx5u Firmware Subscribe Fx5uc Subscribe Fx5uc Firmware Subscribe Fx5uj Subscribe Fx5uj Firmware Subscribe L02cpu Subscribe L02cpu-p Subscribe L02cpu-p Firmware Subscribe L02cpu Firmware Subscribe L02scpu Subscribe L02scpu-p Subscribe L02scpu-p Firmware Subscribe L02scpu Firmware Subscribe L06cpu Subscribe L06cpu-p Subscribe L06cpu-p Firmware Subscribe L06cpu Firmware Subscribe L26cpu Subscribe L26cpu-bt Subscribe L26cpu-bt Firmware Subscribe L26cpu-p Subscribe L26cpu-p Firmware Subscribe L26cpu-pbt Subscribe L26cpu-pbt Firmware Subscribe L26cpu Firmware Subscribe Q02phcpu Subscribe Q02phcpu Firmware Subscribe Q06phcpu Subscribe Q06phcpu Firmware Subscribe Q12dccpu-v Subscribe Q12dccpu-v Firmware Subscribe Q12phcpu Subscribe Q12phcpu Firmware Subscribe Q12prhcpu Subscribe Q12prhcpu Firmware Subscribe Q172dscpu Subscribe Q172dscpu Firmware Subscribe Q173dscpu Subscribe Q173dscpu Firmware Subscribe Q173nccpu Subscribe Q173nccpu Firmware Subscribe Q24dhccpu-ls Subscribe Q24dhccpu-ls Firmware Subscribe Q24dhccpu-v Subscribe Q24dhccpu-v Firmware Subscribe Q24dhccpu-vg2 Subscribe Q24dhccpu-vg2 Firmware Subscribe Q25phcpu Subscribe Q25phcpu Firmware Subscribe Q25prhcpu Subscribe Q25prhcpu Firmware Subscribe Q26dhccpu-ls Subscribe Q26dhccpu-ls Firmware Subscribe R00cpu Subscribe R00cpu Firmware Subscribe R01cpu Subscribe R01cpu Firmware Subscribe R02cpu Subscribe R02cpu Firmware Subscribe R04cpu Subscribe R04cpu Firmware Subscribe R04encpu Subscribe R04encpu Firmware Subscribe R08cpu Subscribe R08cpu Firmware Subscribe R08encpu Subscribe R08encpu Firmware Subscribe R120cpu Subscribe R120cpu Firmware Subscribe R120encpu Subscribe R120encpu Firmware Subscribe R16cpu Subscribe R16cpu Firmware Subscribe R16encpu Subscribe R16encpu Firmware Subscribe R32cpu Subscribe R32cpu Firmware Subscribe R32encpu Subscribe R32encpu Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:mitsubishielectric:cr800-q_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:cr800-q:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishielectric:fx3g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:fx3g:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitsubishielectric:fx3gc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:fx3gc:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mitsubishielectric:fx3s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:fx3s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mitsubishielectric:fx3u_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:fx3u:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mitsubishielectric:fx3uc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:fx3uc:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mitsubishielectric:fx5u_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:fx5u:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mitsubishielectric:fx5uc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:fx5uc:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:mitsubishielectric:fx5uj_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:fx5uj:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:mitsubishielectric:l02cpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l02cpu:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:mitsubishielectric:l02cpu-p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:mitsubishielectric:l02scpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l02scpu:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:mitsubishielectric:l02scpu-p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l02scpu-p:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:mitsubishielectric:l06cpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l06cpu:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:mitsubishielectric:l06cpu-p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l06cpu-p:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:mitsubishielectric:l26cpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l26cpu:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:mitsubishielectric:l26cpu-bt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:mitsubishielectric:l26cpu-p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l26cpu-p:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:mitsubishielectric:l26cpu-pbt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l26cpu-pbt:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:mitsubishielectric:q02phcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q02phcpu:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:mitsubishielectric:q06phcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q06phcpu:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:mitsubishielectric:q12dccpu-v_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q12dccpu-v:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:mitsubishielectric:q12phcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q12phcpu:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:mitsubishielectric:q12prhcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q12prhcpu:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:mitsubishielectric:q172dscpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q172dscpu:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:mitsubishielectric:q173dscpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q173dscpu:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:mitsubishielectric:q173nccpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q173nccpu:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:mitsubishielectric:q24dhccpu-ls_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q24dhccpu-ls:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:mitsubishielectric:q24dhccpu-v_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q24dhccpu-v:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:mitsubishielectric:q24dhccpu-vg2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q24dhccpu-vg2:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:mitsubishielectric:q25phcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q25phcpu:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:mitsubishielectric:q25prhcpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q25prhcpu:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:mitsubishielectric:q26dhccpu-ls_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q26dhccpu-ls:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:mitsubishielectric:r00cpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r00cpu:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:mitsubishielectric:r01cpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r01cpu:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:mitsubishielectric:r02cpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r02cpu:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:mitsubishielectric:r04cpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r04cpu:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:mitsubishielectric:r04encpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r04encpu:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:mitsubishielectric:r08cpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r08cpu:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:mitsubishielectric:r08encpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r08encpu:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:mitsubishielectric:r120cpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r120cpu:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:mitsubishielectric:r120encpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r120encpu:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:mitsubishielectric:r16cpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r16cpu:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:mitsubishielectric:r16encpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r16encpu:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:mitsubishielectric:r32cpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r32cpu:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:mitsubishielectric:r32encpu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r32encpu:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-26690	When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://jvn.jp/en/vu/JVNVU91553662/index.html
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2020-03-30T07:10:14

Updated: 2024-08-04T08:30:24.568Z

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5527

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-30T08:15:17.640

Modified: 2024-11-21T05:34:13.020

Link: CVE-2020-5527

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-400

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object