Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for melsec_iq-rd81dl96_firmware by mitsubishielectric
CVE-2020-5658 (GCVE-0-2020-5658)
Vulnerability from nvd – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- Resource Management Errors
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Resource Management Errors",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:54.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5658",
"datePublished": "2020-10-30T03:35:54.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5657 (GCVE-0-2020-5657)
Vulnerability from nvd – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:53.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5657",
"datePublished": "2020-10-30T03:35:54.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5656 (GCVE-0-2020-5656)
Vulnerability from nvd – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:53.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5656",
"datePublished": "2020-10-30T03:35:53.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5655 (GCVE-0-2020-5655)
Vulnerability from nvd – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:53.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5655",
"datePublished": "2020-10-30T03:35:53.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5654 (GCVE-0-2020-5654)
Vulnerability from nvd – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- Session fixation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:52.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5654",
"datePublished": "2020-10-30T03:35:52.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5653 (GCVE-0-2020-5653)
Vulnerability from nvd – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:52.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5653",
"datePublished": "2020-10-30T03:35:52.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5657 (GCVE-0-2020-5657)
Vulnerability from cvelistv5 – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:53.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5657",
"datePublished": "2020-10-30T03:35:54.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5658 (GCVE-0-2020-5658)
Vulnerability from cvelistv5 – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- Resource Management Errors
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Resource Management Errors",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:54.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5658",
"datePublished": "2020-10-30T03:35:54.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5655 (GCVE-0-2020-5655)
Vulnerability from cvelistv5 – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:53.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5655",
"datePublished": "2020-10-30T03:35:53.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5656 (GCVE-0-2020-5656)
Vulnerability from cvelistv5 – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:53.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5656",
"datePublished": "2020-10-30T03:35:53.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5654 (GCVE-0-2020-5654)
Vulnerability from cvelistv5 – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- Session fixation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:52.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5654",
"datePublished": "2020-10-30T03:35:52.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5653 (GCVE-0-2020-5653)
Vulnerability from cvelistv5 – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39
VLAI?
Summary
Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:52.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5653",
"datePublished": "2020-10-30T03:35:52.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}