CVE-2020-5666 Vulnerability Details

  /     /     /  

CVE-2020-5666 Metadata Quick Info

CVE Published: 16/11/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: jpcert | Vendor: Mitsubishi Electric Corporation | Product: MELSEC iQ-R Series CPU Modules
Status : PUBLISHED

---

CVE-2020-5666 Description

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from \'05\' to \'19\' and R04/08/16/32/120(EN)CPU Firmware versions from \'35\' to \'51\') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from 05 to 19 and R04/08/16/32/120(EN)CPU Firmware versions from 35 to 51 ) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.
Source: Mitsubishi Electric Corporation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).