CVE-2020-5668 Vulnerability Details

  /     /     /  

CVE-2020-5668 Metadata Quick Info

CVE Published: 20/11/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: jpcert | Vendor: Mitsubishi Electric Corporation | Product: MELSEC iQ-R
Status : PUBLISHED

---

CVE-2020-5668 Description

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version \'19\' and earlier, R04/08/16/32/120 (EN) CPU firmware version \'51\' and earlier, R08/16/32/120SFCPU firmware version \'22\' and earlier, R08/16/32/120PCPU firmware version \'25\' and earlier, R08/16/32/120PSFCPU firmware version \'06\' and earlier, RJ71EN71 firmware version \'47\' and earlier, RJ71GF11-T2 firmware version \'47\' and earlier, RJ72GF15-T2 firmware version \'07\' and earlier, RJ71GP21-SX firmware version \'47\' and earlier, RJ71GP21S-SX firmware version \'47\' and earlier, and RJ71GN11-T2 firmware version \'11\' and earlier) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the unit by receiving a specially crafted SLMP packet

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Uncontrolled Resource Consumption
Source: Mitsubishi Electric Corporation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).