ID

VAR-202006-0119


CVE

CVE-2020-13238


TITLE

Resource exhaustion vulnerability in the Ethernet port of the Mitsubishi Electric MELSEC iQ-R series

Trust: 0.8

sources: JVNDB: JVNDB-2020-005243

DESCRIPTION

Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. A resource exhaustion vulnerability (CWE-400) exists in the MELSEC iQ-R series units provided by Mitsubishi Electric Corporation. This vulnerability information was reported to JPCERT/CC by the developer for the purpose of making it known to product users, and JPCERT/CC coordinated with the developer. When a malicious packet is received from a remote third party, communication on the Ethernet port may enter a denial-of-service (DoS) state. A reset is required for recovery. The Mitsubishi Electric MELSEC iQ-R series is a programmable logic controller manufactured by Mitsubishi Electric, Japan.

Trust: 2.25

sources: NVD: CVE-2020-13238 // JVNDB: JVNDB-2020-005243 // CNVD: CNVD-2020-46803 // VULMON: CVE-2020-13238

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-46803

AFFECTED PRODUCTS

vendor: mitsubishielectric model: melsec iq-r08pcpu scope: eq version: *

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-rj71en71 scope: eq version: *

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r01cpu scope: lte version: 7

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r00cpu scope: lte version: 7

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r08fcpu scope: lte version: 20

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r120pcpu scope: eq version: *

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r04cpu scope: lte version: 39

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r08cpu scope: lte version: 39

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r16cpu scope: lte version: 39

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r16fcpu scope: lte version: 20

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r16pcpu scope: eq version: *

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r32sfcpu scope: eq version: *

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r120fcpu scope: lte version: 20

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r02cpu scope: lte version: 7

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r32fcpu scope: lte version: 20

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r16sfcpu scope: eq version: *

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r32cpu scope: lte version: 39

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r32pcpu scope: eq version: *

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r120cpu scope: lte version: 39

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r08sfcpu scope: eq version: *

Trust: 1.0

vendor: mitsubishielectric model: melsec iq-r120sfcpu scope: eq version: *

Trust: 1.0

vendor: Mitsubishi Electric model: melsec iq-r series scope: eq version: -

Trust: 0.8

vendor: Mitsubishi Electric model: melsec iq-r series scope: lte version: melsec iq-r series r00/01/02cpu firmware version "7" and earlier

Trust: 0.8

vendor: Mitsubishi Electric model: melsec iq-r series scope: lte version: melsec iq-r series r04/08/16/32/120cpu, r04/08/16/32/120encpu firmware version "39" and earlier

Trust: 0.8

vendor: Mitsubishi Electric model: melsec iq-r series scope: lte version: melsec iq-r series r08/16/32/120sfcpu firmware version "20" and earlier

Trust: 0.8

vendor: Mitsubishi Electric model: melsec iq-r series scope: lte version: melsec iq-r series r08/16/32/120pcpu firmware version "24" and earlier

Trust: 0.8

vendor: Mitsubishi Electric model: melsec iq-r series scope: lte version: melsec iq-r series r08/16/32/120psfcpu firmware version "05" and earlier

Trust: 0.8

vendor: Mitsubishi Electric model: melsec iq-r series scope: lte version: melsec iq-r series rj71en71 firmware version "49" and earlier

Trust: 0.8

vendor: mitsubishi model: electric r04/08/16/32/120encpu scope: lte version: <=39

Trust: 0.6

vendor: mitsubishi model: electric r00/01/02cpu scope: lte version: <=7

Trust: 0.6

vendor: mitsubishi model: electric r08/16/32/120sfcpu scope: lte version: <=20

Trust: 0.6

vendor: mitsubishi model: electric r08/16/32/120pcpu scope: - version: -

Trust: 0.6

vendor: mitsubishi model: electric r08/16/32/120psfcpu scope: - version: -

Trust: 0.6

vendor: mitsubishi model: electric rj71en71 scope: - version: -

Trust: 0.6

vendor: mitsubishi model: electric r04/08/16/32/120cpu scope: lte version: <=39

Trust: 0.6

sources: CNVD: CNVD-2020-46803 // JVNDB: JVNDB-2020-005243 // NVD: CVE-2020-13238

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-13238
value: HIGH

Trust: 1.0

JPCERT/CC: JVNDB-2020-005243
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-46803
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-827
value: HIGH

Trust: 0.6

VULMON: CVE-2020-13238
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-13238
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

JPCERT/CC: JVNDB-2020-005243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-46803
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-13238
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

JPCERT/CC: JVNDB-2020-005243
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-46803 // VULMON: CVE-2020-13238 // JVNDB: JVNDB-2020-005243 // CNNVD: CNNVD-202006-827 // NVD: CVE-2020-13238

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.0

problemtype: Resource exhaustion (CWE-400) [JPCERT/CC Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-005243 // NVD: CVE-2020-13238

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-827

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202006-827

PATCH

title: Denial of service (DoS) vulnerability on the Ethernet port of the MELSEC iQ-R series url: https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-001.pdf

Trust: 0.8

title: - url:https://github.com/yossireuven/Publications

Trust: 0.1

sources: VULMON: CVE-2020-13238 // JVNDB: JVNDB-2020-005243

EXTERNAL IDS

db: ICS CERT id: ICSA-20-161-02

Trust: 3.1

db: NVD id: CVE-2020-13238

Trust: 3.1

db: JVN id: JVNVU97662844

Trust: 2.5

db: JVNDB id: JVNDB-2020-005243

Trust: 0.8

db: CNVD id: CNVD-2020-46803

Trust: 0.6

db: AUSCERT id: ESB-2020.2013

Trust: 0.6

db: CNNVD id: CNNVD-202006-827

Trust: 0.6

db: VULMON id: CVE-2020-13238

Trust: 0.1

sources: CNVD: CNVD-2020-46803 // VULMON: CVE-2020-13238 // JVNDB: JVNDB-2020-005243 // CNNVD: CNNVD-202006-827 // NVD: CVE-2020-13238

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-161-02

Trust: 3.7

url:http://jvn.jp/vu/jvnvu97662844/index.html

Trust: 2.5

url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-001_en.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-13238

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2013/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-161-02

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/yossireuven/publications

Trust: 0.1

sources: CNVD: CNVD-2020-46803 // VULMON: CVE-2020-13238 // JVNDB: JVNDB-2020-005243 // CNNVD: CNNVD-202006-827 // NVD: CVE-2020-13238

SOURCES

db: CNVD id: CNVD-2020-46803
db: VULMON id: CVE-2020-13238
db: JVNDB id: JVNDB-2020-005243
db: CNNVD id: CNNVD-202006-827
db: NVD id: CVE-2020-13238

LAST UPDATE DATE

2024-11-23T23:04:23.619000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2020-46803 date: 2020-08-19T00:00:00
db: VULMON id: CVE-2020-13238 date: 2020-06-23T00:00:00
db: JVNDB id: JVNDB-2020-005243 date: 2021-04-21T04:58:00
db: CNNVD id: CNNVD-202006-827 date: 2020-11-06T00:00:00
db: NVD id: CVE-2020-13238 date: 2024-11-21T05:00:51.327

SOURCES RELEASE DATE

db: CNVD id: CNVD-2020-46803 date: 2020-08-19T00:00:00
db: VULMON id: CVE-2020-13238 date: 2020-06-10T00:00:00
db: JVNDB id: JVNDB-2020-005243 date: 2020-06-10T00:00:00
db: CNNVD id: CNNVD-202006-827 date: 2020-06-09T00:00:00
db: NVD id: CVE-2020-13238 date: 2020-06-10T20:15:14.140