Sign-up

ID

VAR-202012-1362


CVE

CVE-2020-5665


TITLE

Made by Mitsubishi Electric MELSEC iQ-F Service operation interruption in the series (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-010261

DESCRIPTION

Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. For recovery CPU The unit needs to be reset

Trust: 1.62

sources: NVD: CVE-2020-5665 // JVNDB: JVNDB-2020-010261

AFFECTED PRODUCTS

vendor:mitsubishielectricmodel:melsec iq-f fx5u cpuscope:lteversion:1.060

Trust: 1.0

vendor:mitsubishi electricmodel:melsec iq-f seriesscope:eqversion:fx5u(c) cpu ユニット ファームウェアバージョン 1.060

Trust: 0.8

sources: JVNDB: JVNDB-2020-010261 // NVD: CVE-2020-5665

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-5665
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-010261
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202012-854
value: HIGH

Trust: 0.6

NVD: CVE-2020-5665
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2020-5665
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-010261
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-010261 // CNNVD: CNNVD-202012-854 // NVD: CVE-2020-5665

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-703

Trust: 0.8

sources: JVNDB: JVNDB-2020-010261 // NVD: CVE-2020-5665

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202012-854

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-854

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-5665

PATCH
title:MELSEC iQ-FシリーズCPUユニットのEthernetポートにおける サービス拒否(DoS)の脆弱性url:https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-018.pdf
Trust: 0.8
title:Misubishi Electric MELSEC iQ-F series Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=136938
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-010261 // 
            
            
            
            CNNVD: CNNVD-202012-854

EXTERNAL IDS
db:ICS CERTid:ICSA-20-345-01
Trust: 2.4
db:JVNid:JVNVU95638588
Trust: 2.4
db:NVDid:CVE-2020-5665
Trust: 2.4
db:JVNDBid:JVNDB-2020-010261
Trust: 0.8
db:AUSCERTid:ESB-2020.4380
Trust: 0.6
db:CNNVDid:CNNVD-202012-854
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-010261 // 
            
            
            
            CNNVD: CNNVD-202012-854 // 
            
            
            
            NVD: CVE-2020-5665

REFERENCES
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-345-01
Trust: 3.0
url:https://jvn.jp/vu/jvnvu95638588/index.html
Trust: 1.6
url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-018_en.pdf
Trust: 1.6
url:https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-018.pdf
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5665
Trust: 0.8
url:http://jvn.jp/cert/jvnvu95638588
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.4380/
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-5665
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-010261 // 
            
            
            
            CNNVD: CNNVD-202012-854 // 
            
            
            
            NVD: CVE-2020-5665

SOURCES
db:JVNDBid:JVNDB-2020-010261
db:CNNVDid:CNNVD-202012-854
db:NVDid:CVE-2020-5665

LAST UPDATE DATE
2022-05-04T09:32:37.087000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-010261date:2021-01-04T06:10:33
db:CNNVDid:CNNVD-202012-854date:2020-12-16T00:00:00
db:NVDid:CVE-2020-5665date:2021-07-21T11:39:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-010261date:2021-01-04T06:10:33
db:CNNVDid:CNNVD-202012-854date:2020-12-10T00:00:00
db:NVDid:CVE-2020-5665date:2020-12-14T03:15:00