Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-5656 (GCVE-0-2020-5656)
Vulnerability from cvelistv5 – Published: 2020-10-30 03:35 – Updated: 2024-08-04 08:39- Fails to restrict access
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.co.jp/psirt/vulner… | x_refsource_MISC |
| https://www.mitsubishielectric.com/en/psirt/vulne… | x_refsource_MISC |
| https://jvn.jp/vu/JVNVU92513419/index.html | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R series |
Affected:
RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T03:35:53.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5656",
"datePublished": "2020-10-30T03:35:53.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-5656",
"date": "2026-07-02",
"epss": "0.02933",
"percentile": "0.85397"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-5656\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2020-11-02T21:15:33.960\",\"lastModified\":\"2024-11-21T05:34:26.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de control de acceso inapropiado en la funci\u00f3n TCP/IP incluida en el firmware de la serie MELSEC iQ-R (los 2 d\u00edgitos del n\u00famero de serie son \\\"02\\\" o anteriores del EtherNet/IP Network Interface Module First RJ71EIP91, los 2 d\u00edgitos del n\u00famero de serie es \\\"01\\\" o anteriores del PROFINET IO Controller Module First RJ71PN92, los 2 d\u00edgitos del n\u00famero de serie son \\\"08\\\" o anteriores del High Speed Data Logger Module First RD81DL96, los 2 d\u00edgitos del n\u00famero de serie son \\\"04\\\" o anteriores del MES Interface Module First RD81MES96N, y los primeros de 2 d\u00edgitos del n\u00famero de serie son \\\"04\\\" o anteriores a OPC UA Server Module First RD81OPC96), permite a un atacante remoto no autenticado detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9596438-7894-4689-BB8B-5FC2C26A1298\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"668C0031-6B41-487A-958C-E2C8A04E902B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F81F4A0C-68C9-474F-A695-CC7A2CB234D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82DE76F0-810F-460A-933B-41E341125A9D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDBB7DF2-C0D9-4F19-966A-C1EFF42BE6D2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC1B4D6-10A5-4DDE-BCF3-01CAE5389232\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7285B9D4-9913-4421-9B47-DA4E9E7C6371\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F76CBB13-1949-4941-A985-CB75D0109E47\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14A32E47-C23B-4D2C-9B7E-1C080B1D7011\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48B179ED-8ACC-45EB-92A8-476A4F9F98E4\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU92513419/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/vu/JVNVU92513419/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
FKIE_CVE-2020-5656
Vulnerability from fkie_nvd - Published: 2020-11-02 21:15 - Updated: 2026-06-17 03:22{
"affected": [
{
"affectedData": [
{
"product": "MELSEC iQ-R series",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
],
"source": "vultures@jpcert.or.jp"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9596438-7894-4689-BB8B-5FC2C26A1298",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"matchCriteriaId": "668C0031-6B41-487A-958C-E2C8A04E902B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81F4A0C-68C9-474F-A695-CC7A2CB234D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82DE76F0-810F-460A-933B-41E341125A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBB7DF2-C0D9-4F19-966A-C1EFF42BE6D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC1B4D6-10A5-4DDE-BCF3-01CAE5389232",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7285B9D4-9913-4421-9B47-DA4E9E7C6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76CBB13-1949-4941-A985-CB75D0109E47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14A32E47-C23B-4D2C-9B7E-1C080B1D7011",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48B179ED-8ACC-45EB-92A8-476A4F9F98E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
},
{
"lang": "es",
"value": "Vulnerabilidad de control de acceso inapropiado en la funci\u00f3n TCP/IP incluida en el firmware de la serie MELSEC iQ-R (los 2 d\u00edgitos del n\u00famero de serie son \"02\" o anteriores del EtherNet/IP Network Interface Module First RJ71EIP91, los 2 d\u00edgitos del n\u00famero de serie es \"01\" o anteriores del PROFINET IO Controller Module First RJ71PN92, los 2 d\u00edgitos del n\u00famero de serie son \"08\" o anteriores del High Speed Data Logger Module First RD81DL96, los 2 d\u00edgitos del n\u00famero de serie son \"04\" o anteriores del MES Interface Module First RD81MES96N, y los primeros de 2 d\u00edgitos del n\u00famero de serie son \"04\" o anteriores a OPC UA Server Module First RD81OPC96), permite a un atacante remoto no autenticado detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente dise\u00f1ado"
}
],
"id": "CVE-2020-5656",
"lastModified": "2026-06-17T03:22:02.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-02T21:15:33.960",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-F9W6-P56J-VXGH
Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
{
"affected": [],
"aliases": [
"CVE-2020-5656"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-02T21:15:00Z",
"severity": "CRITICAL"
},
"details": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.",
"id": "GHSA-f9w6-p56j-vxgh",
"modified": "2022-05-24T17:33:04Z",
"published": "2022-05-24T17:33:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5656"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2020-5656
Vulnerability from gsd - Updated: 2023-12-13 01:22{
"GSD": {
"alias": "CVE-2020-5656",
"description": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.",
"id": "GSD-2020-5656"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-5656"
],
"details": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.",
"id": "GSD-2020-5656",
"modified": "2023-12-13T01:22:03.801518Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MELSEC iQ-R series",
"version": {
"version_data": [
{
"version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5656"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92513419/index.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU92513419/index.html"
},
{
"name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-11-10T14:29Z",
"publishedDate": "2020-11-02T21:15Z"
}
}
}
ICSA-20-303-02
Vulnerability from csaf_cisa - Published: 2020-10-29 00:00 - Updated: 2020-10-29 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPC UA Server Module RD81OPC96: First 2 digits of serial number are 04 or before
Mitsubishi Electric / OPC UA Server Module RD81OPC96
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
|
|
High Speed Data Logger Module RD81DL96: First 2 digits of serial number are 08 or before
Mitsubishi Electric / High Speed Data Logger Module RD81DL96
|
<= first 2 digits of serial number are 08 |
Mitigation
Mitigation
fix
|
|
|
EtherNet/IP Network Interface Module RJ71EIP91: First 2 digits of serial number are 02 or before
Mitsubishi Electric / EtherNet/IP Network Interface Module RJ71EIP91
|
<= first 2 digits of serial number are 02 |
Mitigation
Mitigation
fix
|
|
|
PROFINET IO Controller Module RJ71PN92: First 2 digits of serial number are 01 or before
Mitsubishi Electric / PROFINET IO Controller Module RJ71PN92
|
<= first 2 digits of serial number are 01 |
Mitigation
Mitigation
fix
|
|
|
MES Interface Module RD81MES96N: First 2 digits of serial number are 04 or before
Mitsubishi Electric / MES Interface Module RD81MES96N
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPC UA Server Module RD81OPC96: First 2 digits of serial number are 04 or before
Mitsubishi Electric / OPC UA Server Module RD81OPC96
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
|
|
High Speed Data Logger Module RD81DL96: First 2 digits of serial number are 08 or before
Mitsubishi Electric / High Speed Data Logger Module RD81DL96
|
<= first 2 digits of serial number are 08 |
Mitigation
Mitigation
fix
|
|
|
EtherNet/IP Network Interface Module RJ71EIP91: First 2 digits of serial number are 02 or before
Mitsubishi Electric / EtherNet/IP Network Interface Module RJ71EIP91
|
<= first 2 digits of serial number are 02 |
Mitigation
Mitigation
fix
|
|
|
PROFINET IO Controller Module RJ71PN92: First 2 digits of serial number are 01 or before
Mitsubishi Electric / PROFINET IO Controller Module RJ71PN92
|
<= first 2 digits of serial number are 01 |
Mitigation
Mitigation
fix
|
|
|
MES Interface Module RD81MES96N: First 2 digits of serial number are 04 or before
Mitsubishi Electric / MES Interface Module RD81MES96N
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPC UA Server Module RD81OPC96: First 2 digits of serial number are 04 or before
Mitsubishi Electric / OPC UA Server Module RD81OPC96
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
|
|
High Speed Data Logger Module RD81DL96: First 2 digits of serial number are 08 or before
Mitsubishi Electric / High Speed Data Logger Module RD81DL96
|
<= first 2 digits of serial number are 08 |
Mitigation
Mitigation
fix
|
|
|
EtherNet/IP Network Interface Module RJ71EIP91: First 2 digits of serial number are 02 or before
Mitsubishi Electric / EtherNet/IP Network Interface Module RJ71EIP91
|
<= first 2 digits of serial number are 02 |
Mitigation
Mitigation
fix
|
|
|
PROFINET IO Controller Module RJ71PN92: First 2 digits of serial number are 01 or before
Mitsubishi Electric / PROFINET IO Controller Module RJ71PN92
|
<= first 2 digits of serial number are 01 |
Mitigation
Mitigation
fix
|
|
|
MES Interface Module RD81MES96N: First 2 digits of serial number are 04 or before
Mitsubishi Electric / MES Interface Module RD81MES96N
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPC UA Server Module RD81OPC96: First 2 digits of serial number are 04 or before
Mitsubishi Electric / OPC UA Server Module RD81OPC96
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
|
|
High Speed Data Logger Module RD81DL96: First 2 digits of serial number are 08 or before
Mitsubishi Electric / High Speed Data Logger Module RD81DL96
|
<= first 2 digits of serial number are 08 |
Mitigation
Mitigation
fix
|
|
|
EtherNet/IP Network Interface Module RJ71EIP91: First 2 digits of serial number are 02 or before
Mitsubishi Electric / EtherNet/IP Network Interface Module RJ71EIP91
|
<= first 2 digits of serial number are 02 |
Mitigation
Mitigation
fix
|
|
|
PROFINET IO Controller Module RJ71PN92: First 2 digits of serial number are 01 or before
Mitsubishi Electric / PROFINET IO Controller Module RJ71PN92
|
<= first 2 digits of serial number are 01 |
Mitigation
Mitigation
fix
|
|
|
MES Interface Module RD81MES96N: First 2 digits of serial number are 04 or before
Mitsubishi Electric / MES Interface Module RD81MES96N
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPC UA Server Module RD81OPC96: First 2 digits of serial number are 04 or before
Mitsubishi Electric / OPC UA Server Module RD81OPC96
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
|
|
High Speed Data Logger Module RD81DL96: First 2 digits of serial number are 08 or before
Mitsubishi Electric / High Speed Data Logger Module RD81DL96
|
<= first 2 digits of serial number are 08 |
Mitigation
Mitigation
fix
|
|
|
EtherNet/IP Network Interface Module RJ71EIP91: First 2 digits of serial number are 02 or before
Mitsubishi Electric / EtherNet/IP Network Interface Module RJ71EIP91
|
<= first 2 digits of serial number are 02 |
Mitigation
Mitigation
fix
|
|
|
PROFINET IO Controller Module RJ71PN92: First 2 digits of serial number are 01 or before
Mitsubishi Electric / PROFINET IO Controller Module RJ71PN92
|
<= first 2 digits of serial number are 01 |
Mitigation
Mitigation
fix
|
|
|
MES Interface Module RD81MES96N: First 2 digits of serial number are 04 or before
Mitsubishi Electric / MES Interface Module RD81MES96N
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPC UA Server Module RD81OPC96: First 2 digits of serial number are 04 or before
Mitsubishi Electric / OPC UA Server Module RD81OPC96
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
|
|
High Speed Data Logger Module RD81DL96: First 2 digits of serial number are 08 or before
Mitsubishi Electric / High Speed Data Logger Module RD81DL96
|
<= first 2 digits of serial number are 08 |
Mitigation
Mitigation
fix
|
|
|
EtherNet/IP Network Interface Module RJ71EIP91: First 2 digits of serial number are 02 or before
Mitsubishi Electric / EtherNet/IP Network Interface Module RJ71EIP91
|
<= first 2 digits of serial number are 02 |
Mitigation
Mitigation
fix
|
|
|
PROFINET IO Controller Module RJ71PN92: First 2 digits of serial number are 01 or before
Mitsubishi Electric / PROFINET IO Controller Module RJ71PN92
|
<= first 2 digits of serial number are 01 |
Mitigation
Mitigation
fix
|
|
|
MES Interface Module RD81MES96N: First 2 digits of serial number are 04 or before
Mitsubishi Electric / MES Interface Module RD81MES96N
|
<= first 2 digits of serial number are 04 |
Mitigation
Mitigation
fix
|
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-20-303-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-303-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-20-303-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-303-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Mitsubishi Electric MELSEC iQ-R",
"tracking": {
"current_release_date": "2020-10-29T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-20-303-02",
"initial_release_date": "2020-10-29T00:00:00.000000Z",
"revision_history": [
{
"date": "2020-10-29T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-20-303-02 Mitsubishi Electric MELSEC iQ-R Series"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= first 2 digits of serial number are 04 ",
"product": {
"name": "OPC UA Server Module RD81OPC96: First 2 digits of serial number are 04 or before",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "OPC UA Server Module RD81OPC96"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= first 2 digits of serial number are 08",
"product": {
"name": "High Speed Data Logger Module RD81DL96: First 2 digits of serial number are 08 or before",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "High Speed Data Logger Module RD81DL96"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= first 2 digits of serial number are 02",
"product": {
"name": "EtherNet/IP Network Interface Module RJ71EIP91: First 2 digits of serial number are 02 or before",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "EtherNet/IP Network Interface Module RJ71EIP91"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= first 2 digits of serial number are 01",
"product": {
"name": "PROFINET IO Controller Module RJ71PN92: First 2 digits of serial number are 01 or before",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "PROFINET IO Controller Module RJ71PN92"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= first 2 digits of serial number are 04",
"product": {
"name": "MES Interface Module RD81MES96N: First 2 digits of serial number are 04 or before",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "MES Interface Module RD81MES96N"
}
],
"category": "vendor",
"name": "Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-5653",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5653 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5653"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Block access from untrusted networks and hosts through firewalls.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2020-5654",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"notes": [
{
"category": "summary",
"text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5654 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5654"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Block access from untrusted networks and hosts through firewalls.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2020-5655",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5655 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5655"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Block access from untrusted networks and hosts through firewalls.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2020-5656",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5656 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5656"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Block access from untrusted networks and hosts through firewalls.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2020-5657",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5657 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5657"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Block access from untrusted networks and hosts through firewalls.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2020-5658",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An attacker could deliver a specially crafted packet that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.CVE-2020-5658 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5658"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Block access from untrusted networks and hosts through firewalls.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Please refer to Mitsubishi Electric\u0027s website for details on available patches. Mitsubishi recommends users update their products by downloading and applying the latest versions. Please contact a Mitsubishi Electric representative for additional details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
}
]
}
VAR-202011-1252
Vulnerability from variot - Updated: 2022-05-04 09:15Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. ‥ * Buffer error (CWE-119) - CVE-2020-5653 ‥ * Session immobilization (CWE-384) - CVE-2020-5654 ‥ * NULL Pointer dereference (CWE-476) - CVE-2020-5655 ‥ * Inappropriate access control (CWE-284) - CVE-2020-5656 ‥ * Insert or change arguments (CWE-88) - CVE-2020-5657 ‥ * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product's network functionality to stop or malicious programs to run
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec iq-rj71pn92",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81dl96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81opc96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rd81mes96n",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-rj71eip91",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "ethernet/ip \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rj71eip91: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d02\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "mes \u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u30e6\u30cb\u30c3\u30c8 rd81mes96n: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "opc ua \u30b5\u30fc\u30d0\u30e6\u30cb\u30c3\u30c8 rd81opc96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d04\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "profinet io \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30e6\u30cb\u30c3\u30c8 rj71pn92: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d01\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u9ad8\u901f\u30c7\u30fc\u30bf\u30ed\u30ac\u30fc\u30e6\u30cb\u30c3\u30c8 rd81dl96: \u30b7\u30ea\u30a2\u30eb no. \u306e\u4e0a 2\u6841\u304c \u201d08\u201d \u304a\u3088\u3073\u305d\u308c\u4ee5\u4e0b"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71eip91_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71eip91:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71pn92_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71pn92:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81dl96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81dl96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81mes96n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81mes96n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:melsec_iq-rd81opc96_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:melsec_iq-rd81opc96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"cve": "CVE-2020-5656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5656",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5656",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009429",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 1.6,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2020-5656",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-009429",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1662",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are \u002702\u0027 or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are \u002701\u0027 or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are \u002708\u0027 or before, RD81MES96N MES Interface Module First 2 digits of serial number are \u002704\u0027 or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are \u002704\u0027 or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series EtherNet/IP Network interface unit, PROFINET IO Controller unit, high-speed data logger unit, MES Interface unit and OPC UA Of the server unit TCP/IP There are multiple vulnerabilities in the stack. \u2025 * Buffer error (CWE-119) - CVE-2020-5653 \u2025 * Session immobilization (CWE-384) - CVE-2020-5654 \u2025 * NULL Pointer dereference (CWE-476) - CVE-2020-5655 \u2025 * Inappropriate access control (CWE-284) - CVE-2020-5656 \u2025 * Insert or change arguments (CWE-88) - CVE-2020-5657 \u2025 * Resource management issues (CWE-399) - CVE-2020-5658 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Receiving packets crafted by a third party can cause the product\u0027s network functionality to stop or malicious programs to run",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "VULMON",
"id": "CVE-2020-5656"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU92513419",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-5656",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-303-02",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.3753",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5656",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"id": "VAR-202011-1252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21111111
},
"last_update_date": "2022-05-04T09:15:37.828000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u30b7\u30ea\u30fc\u30ba\u306e\u5404\u7a2e\u60c5\u5831\uff0f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30e6\u30cb\u30c3\u30c8\u306e TCP/IP\u6a5f\u80fd\u306b\u304a\u3051\u308b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"title": "Mitsubishi Electric MELSEC iQ-R, Q and L Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=132139"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/vu/jvnvu92513419/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-303-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5654"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5655"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5656"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5657"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5658"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5653"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92513419/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5656"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3753/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-5656"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5656"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"date": "2020-11-02T21:15:00",
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5656"
},
{
"date": "2020-11-05T06:29:48",
"db": "JVNDB",
"id": "JVNDB-2020-009429"
},
{
"date": "2020-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1662"
},
{
"date": "2020-11-10T14:29:00",
"db": "NVD",
"id": "CVE-2020-5656"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1662"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.