Search

Find a vulnerability

Search criteria

    5 vulnerabilities found for MELSEC iQ-F series by Mitsubishi Electric

    VAR-202006-1511

    Vulnerability from variot - Updated: 2024-11-23 22:33

    Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan's Mitsubishi Electric (Mitsubishi Electric) company.

    There are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1511",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "melsec-q",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec-l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-f",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec-fx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec fx series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec iq-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec iq-r series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec l series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec q series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "electric melsec fx",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec iq-r",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec iq-f",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec q",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec l",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_fx_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shunkai Zhu , Rongkuan Ma , Peng Cheng from NESC Lab of Zhejiang University",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-5594",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5594",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46802",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5594",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 10,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005854",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5594",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-005854",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46802",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1590",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-5594",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric) company. \n\r\n\r\nThere are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5594",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91424496",
            "trust": 2.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-175-01",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2176",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "id": "VAR-202006-1511",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          }
        ],
        "trust": 1.3499999919999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:33:25.234000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC iQ-R\u3001iQ-F\u3001Q\u3001L\u3001FX\u30b7\u30ea\u30fc\u30ba   \u306eCPU\u30e6\u30cb\u30c3\u30c8\u3068GX Works3\u304a\u3088\u3073GX Works2\u9593\u306e\u901a\u4fe1\u306b\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u60c5\u5831\u6539\u3056\u3093\u3001\u4e0d\u6b63\u64cd\u4f5c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu91424496/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5594"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu91424496"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5594"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-005854.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2176/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "date": "2020-06-23T08:15:10.487000",
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "date": "2020-07-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "date": "2024-11-21T05:34:19.893000",
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  MELSEC iQ-R , iQ-F , Q , L , FX Of the series  CPU With the unit  GX Works3 and  GX Works2 Vulnerability in plaintext communication between",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-1411

    Vulnerability from variot - Updated: 2024-11-23 20:02

    When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R , iQ-F , Q , L , F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company.

    Many Mitsubishi Electric products have resource management error vulnerabilities

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1411",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cr800-q",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q25prhcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r32encpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q12prhcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-pbt",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q26dhccpu-ls",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r16encpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l06cpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q12dccpu-v",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q25phcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r32cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r120encpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r120cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q02phcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q24dhccpu-ls",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l06cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r08cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q172dscpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r00cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-bt",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r04encpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02cpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q24dhccpu-vg2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q12phcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r16cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3gc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q24dhccpu-v",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r01cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r02cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q06phcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q173nccpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q173dscpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r08encpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02scpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02scpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r04cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "melsec f series",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "melsec iq-f series",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "melsec iq-r series",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "melsec l series",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "melsec q series",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric melsec iq-r series",
            "scope": null,
            "trust": 0.6,
            "vendor": "misubishi",
            "version": null
          },
          {
            "model": "electric melsec iq-f series",
            "scope": null,
            "trust": 0.6,
            "vendor": "misubishi",
            "version": null
          },
          {
            "model": "electric melsec q series",
            "scope": null,
            "trust": 0.6,
            "vendor": "misubishi",
            "version": null
          },
          {
            "model": "electric melsec l series",
            "scope": null,
            "trust": 0.6,
            "vendor": "misubishi",
            "version": null
          },
          {
            "model": "electric melsec f series",
            "scope": null,
            "trust": 0.6,
            "vendor": "misubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_f_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          }
        ]
      },
      "cve": "CVE-2020-5527",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5527",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-002958",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-29576",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5527",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-002958",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5527",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-002958",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-29576",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-1699",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R \uff0c iQ-F \uff0c Q \uff0c L \uff0c F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company. \n\r\n\r\nMany Mitsubishi Electric products have resource management error vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5527",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU91553662",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-091-02",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1157",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "id": "VAR-202003-1411",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:02:16.059000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSOFT\u4ea4\u4fe1\u30dd\u30fc\u30c8\uff08UDP/IP\uff09\u306b\u304a\u3051\u308b\u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-005.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu91553662/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5527"
          },
          {
            "trust": 0.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-091-02"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91553662/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5527"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1157/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "date": "2020-03-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "date": "2020-03-30T08:15:17.640000",
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "date": "2020-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "date": "2024-11-21T05:34:13.020000",
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  MELSEC Of the series  MELSOFT Resource exhaustion vulnerability in communication ports",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202012-1362

    Vulnerability from variot - Updated: 2022-05-04 09:32

    Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. For recovery CPU The unit needs to be reset

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1362",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "melsec iq-f fx5u cpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.060"
          },
          {
            "model": "melsec iq-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "fx5u(c) cpu \u30e6\u30cb\u30c3\u30c8 \u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u30d0\u30fc\u30b8\u30e7\u30f3 1.060"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010261"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5665"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-f_fx5u_cpu_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.060",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-f_fx5u_cpu:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-f_fx5u_cpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.060",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-f_fx5u_cpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5665"
          }
        ]
      },
      "cve": "CVE-2020-5665",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2020-5665",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-5665",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 7.4,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-010261",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-5665",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-010261",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202012-854",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010261"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-854"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5665"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. For recovery CPU The unit needs to be reset",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5665"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010261"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-345-01",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU95638588",
            "trust": 2.4
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5665",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010261",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4380",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-854",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010261"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-854"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5665"
          }
        ]
      },
      "id": "VAR-202012-1362",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.45833334
      },
      "last_update_date": "2022-05-04T09:32:37.087000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC iQ-F\u30b7\u30ea\u30fc\u30baCPU\u30e6\u30cb\u30c3\u30c8\u306eEthernet\u30dd\u30fc\u30c8\u306b\u304a\u3051\u308b \u30b5\u30fc\u30d3\u30b9\u62d2\u5426\uff08DoS\uff09\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-018.pdf"
          },
          {
            "title": "Misubishi Electric MELSEC iQ-F series Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=136938"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010261"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-854"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-703",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010261"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5665"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-01"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/vu/jvnvu95638588/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-018_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-018.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5665"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu95638588"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4380/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5665"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010261"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-854"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5665"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010261"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-854"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5665"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-04T06:10:33",
            "db": "JVNDB",
            "id": "JVNDB-2020-010261"
          },
          {
            "date": "2020-12-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-854"
          },
          {
            "date": "2020-12-14T03:15:00",
            "db": "NVD",
            "id": "CVE-2020-5665"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-04T06:10:33",
            "db": "JVNDB",
            "id": "JVNDB-2020-010261"
          },
          {
            "date": "2020-12-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-854"
          },
          {
            "date": "2021-07-21T11:39:00",
            "db": "NVD",
            "id": "CVE-2020-5665"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-854"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  MELSEC iQ-F Service operation interruption in the series  (DoS) Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010261"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-854"
          }
        ],
        "trust": 0.6
      }
    }

    JVNDB-2020-005854

    Vulnerability from jvndb - Published: 2020-06-24 10:32 - Updated:2020-06-24 10:32
    Severity
    Summary
    Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information
    Details
    Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
      "dc:date": "2020-06-24T10:32+09:00",
      "dcterms:issued": "2020-06-24T10:32+09:00",
      "dcterms:modified": "2020-06-24T10:32+09:00",
      "description": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:mitsubishielectric:melsec-fx_firmware",
          "@product": "MELSEC FX series",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mitsubishielectric:melsec-l_firmware",
          "@product": "MELSEC L series",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mitsubishielectric:melsec-q_firmware",
          "@product": "MELSEC Q series",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mitsubishielectric:melsec_iq-f_firmware",
          "@product": "MELSEC iQ-F series",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mitsubishielectric:melsec_iq-r_firmware",
          "@product": "MELSEC iQ-R series",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "10.0",
        "@severity": "Critical",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2020-005854",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU91424496/",
          "@id": "JVNVU#91424496",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594",
          "@id": "CVE-2020-5594",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5594",
          "@id": "CVE-2020-5594",
          "@source": "NVD"
        },
        {
          "#text": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01",
          "@id": "ICSA-20-175-01",
          "@source": "ICS-CERT ADVISORY"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/319.html",
          "@id": "CWE-319",
          "@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
        }
      ],
      "title": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information"
    }

    JVNDB-2020-002958

    Vulnerability from jvndb - Published: 2020-03-31 13:37 - Updated:2020-04-01 14:45
    Severity
    Summary
    Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port
    Details
    MELSOFT transmission port (UDP/IP) of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue (CWE-400). When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. Mitsubishi Electric Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-002958.html",
      "dc:date": "2020-04-01T14:45+09:00",
      "dcterms:issued": "2020-03-31T13:37+09:00",
      "dcterms:modified": "2020-04-01T14:45+09:00",
      "description": "MELSOFT transmission port (UDP/IP) of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue (CWE-400).   When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does not process the data properly.  As a result, it may fall into a denial-of-service (DoS) condition.\r\n\r\nMitsubishi Electric Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-002958.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:mitsubishielectric:melsec_f_series",
          "@product": "MELSEC F series",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mitsubishielectric:melsec-l_firmware",
          "@product": "MELSEC L series",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mitsubishielectric:melsec-q_firmware",
          "@product": "MELSEC Q series",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mitsubishielectric:melsec_iq-f_firmware",
          "@product": "MELSEC iQ-F series",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:mitsubishielectric:melsec_iq-r_firmware",
          "@product": "MELSEC iQ-R series",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "5.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "@version": "2.0"
        },
        {
          "@score": "5.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2020-002958",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU91553662/",
          "@id": "JVNVU#91553662",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5527",
          "@id": "CVE-2020-5527",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5527",
          "@id": "CVE-2020-5527",
          "@source": "NVD"
        },
        {
          "#text": "https://www.us-cert.gov/ics/advisories/icsa-20-091-02",
          "@id": "ICSA-20-091-02",
          "@source": "ICS-CERT ADVISORY"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/400.html",
          "@id": "CWE-400",
          "@title": "Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)(CWE-400)"
        }
      ],
      "title": "Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port"
    }