Details of VAR-202002-1038

ID

VAR-202002-1038

CVE

CVE-2020-5531

TITLE

Mitsubishi Electric MELSEC C Language controller unit and MELIPC series MI5000 Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-001591

DESCRIPTION

Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. Provided by Mitsubishi Electric Corporation MELSEC C Language controller unit and MELIPC series MI5000 In Wind River Company real-time OS Is VxWorks of TCP/IP Network stack (IPnet) The following vulnerabilities discovered in ( Known as " URGENT/11 " ) There are multiple vulnerabilities due to. * Q24DHCCPU-V and Q24DHCCPU-VG* Buffer error (CWE-119) - CVE-2019-12255* Buffer error (CWE-119) - CVE-2019-12257* Session fixation (CWE-384) - CVE-2019-12258* NULL Pointer dereferencing (CWE-476) - CVE-2019-12259* Buffer error (CWE-119) - CVE-2019-12261* Improper access control (CWE-284) - CVE-2019-12262* Buffer error (CWE-119) - CVE-2019-12263* Insert or change arguments (CWE-88) - CVE-2019-12264* Resource management issues (CWE-399) - CVE-2019-12265* R12CCPU-V and RD55UP06-V* Buffer error (CWE-119) - CVE-2019-12256* Session fixation (CWE-384) - CVE-2019-12258* NULL Pointer dereferencing (CWE-476) - CVE-2019-12259* Buffer error (CWE-119) - CVE-2019-12261* Improper access control (CWE-284) - CVE-2019-12262* Buffer error (CWE-119) - CVE-2019-12263* Insert or change arguments (CWE-88) - CVE-2019-12264* Resource management issues (CWE-399) - CVE-2019-12265* MI5122-VW* Buffer error (CWE-119) - CVE-2019-12256* Session fixation (CWE-384) - CVE-2019-12258* NULL Pointer dereferencing (CWE-476) - CVE-2019-12259* Buffer error (CWE-119) - CVE-2019-12260* Buffer error (CWE-119) - CVE-2019-12261* Improper access control (CWE-284) - CVE-2019-12262* Buffer error (CWE-119) - CVE-2019-12263* Insert or change arguments (CWE-88) - CVE-2019-12264* Resource management issues (CWE-399) - CVE-2019-12265Crafted by a remote third party TCP Receiving the packet may cause the product service to stop or the malware to be executed. Mitsubishi Electric MELSEC-Q Series is a programmable logic controller of MELSEC-Q series. Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 TCP / IP functions have security holes. A remote attacker could use this vulnerability to cause a denial of service and / or run malware

Trust: 2.34

sources: NVD: CVE-2020-5531 // JVNDB: JVNDB-2020-001591 // CNVD: CNVD-2020-13174 // IVD: b68d141b-8812-49a8-820f-878c70d9f9e5

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: b68d141b-8812-49a8-820f-878c70d9f9e5 // CNVD: CNVD-2020-13174

AFFECTED PRODUCTS

vendor:	mitsubishielectric	model:	q24dhccpu-vg	scope:	lte	version:	21121	Trust: 1.0
vendor:	mitsubishielectric	model:	mi5122-vw	scope:	lte	version:	03	Trust: 1.0
vendor:	mitsubishielectric	model:	r12ccpu-v	scope:	lte	version:	11	Trust: 1.0
vendor:	mitsubishielectric	model:	q24dhccpu-v	scope:	lte	version:	21121	Trust: 1.0
vendor:	mitsubishielectric	model:	rd55up06-v	scope:	lte	version:	08	Trust: 1.0
vendor:	三菱電機	model:	melsec-q シリーズ c言語コントローラユニット	scope:	eq	version:	first 5 digits of serial number are 21121 or before	Trust: 0.8
vendor:	三菱電機	model:	melsec iq-r シリーズ c言語コントローラユニット	scope:	eq	version:	first 2 digits of serial number are 08 or before	Trust: 0.8
vendor:	三菱電機	model:	melsec iq-r シリーズ c言語インテリジェント機能ユニット	scope:	eq	version:	first 2 digits of serial number are 11 or before	Trust: 0.8
vendor:	三菱電機	model:	melsec iq-r シリーズ c言語インテリジェント機能ユニット	scope:	eq	version:	first 2 digits of serial number are 08 or before	Trust: 0.8
vendor:	三菱電機	model:	melipc シリーズ mi5000	scope:	eq	version:	the first two digits of the serial number are “03” or less, or the firmware version is “03” or less	Trust: 0.8
vendor:	三菱電機	model:	melsec iq-r シリーズ c言語コントローラユニット	scope:	eq	version:	first 2 digits of serial number are 11 or before	Trust: 0.8
vendor:	mitsubishi	model:	electric q24dhccpu-v user ethernet port	scope:	-	version:	-	Trust: 0.6
vendor:	mitsubishi	model:	electric 24dhccpu-vg user ethernet port	scope:	-	version:	-	Trust: 0.6
vendor:	mitsubishi	model:	electric r12ccpu-v ethernet port	scope:	-	version:	-	Trust: 0.6
vendor:	mitsubishi	model:	electric rd55up06-v ethernet port	scope:	-	version:	-	Trust: 0.6
vendor:	mitsubishi	model:	electric mi5122-vw ethernet port	scope:	-	version:	-	Trust: 0.6
vendor:	mi5122 vw	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	q24dhccpu v	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	q24dhccpu vg	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	r12ccpu v	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	rd55up06 v	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: b68d141b-8812-49a8-820f-878c70d9f9e5 // CNVD: CNVD-2020-13174 // JVNDB: JVNDB-2020-001591 // NVD: CVE-2020-5531

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5531
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2020-13174
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202002-848
value:	CRITICAL
Trust: 0.6
IVD:	b68d141b-8812-49a8-820f-878c70d9f9e5
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2020-5531
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-13174
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	b68d141b-8812-49a8-820f-878c70d9f9e5
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2020-5531
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: IVD: b68d141b-8812-49a8-820f-878c70d9f9e5 // CNVD: CNVD-2020-13174 // CNNVD: CNNVD-202002-848 // NVD: CVE-2020-5531

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-5531

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-848

TYPE

other

Trust: 0.8

sources: IVD: b68d141b-8812-49a8-820f-878c70d9f9e5 // CNNVD: CNNVD-202002-848

PATCH

title:	MELSEC C Language controller unit and MELIPC series MI5000 of TCP/IP Multiple vulnerabilities in features	url:	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-003.pdf	Trust: 0.8
title:	Patch for Unknown vulnerability in Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 TCP / IP functions	url:	https://www.cnvd.org.cn/patchInfo/show/204581	Trust: 0.6
title:	Multiple Mitsubishi Electric Product security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=111196	Trust: 0.6

sources: CNVD: CNVD-2020-13174 // JVNDB: JVNDB-2020-001591 // CNNVD: CNNVD-202002-848

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5531	Trust: 3.2
db:	JVN	id:	JVNVU95424547	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-001591	Trust: 2.0
db:	CNVD	id:	CNVD-2020-13174	Trust: 0.8
db:	CNNVD	id:	CNNVD-202002-848	Trust: 0.8
db:	ICS CERT	id:	ICSA-19-274-01	Trust: 0.8
db:	IVD	id:	B68D141B-8812-49A8-820F-878C70D9F9E5	Trust: 0.2

sources: IVD: b68d141b-8812-49a8-820f-878c70d9f9e5 // CNVD: CNVD-2020-13174 // JVNDB: JVNDB-2020-001591 // CNNVD: CNNVD-202002-848 // NVD: CVE-2020-5531

REFERENCES

url:	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-003_en.pdf	Trust: 1.6
url:	https://jvn.jp/en/vu/jvnvu95424547/index.html	Trust: 1.6
url:	https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-001591.html	Trust: 1.2
url:	https://jvn.jp/vu/jvnvu95424547/	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-19-274-01	Trust: 0.8
url:	https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5531	Trust: 0.6

sources: CNVD: CNVD-2020-13174 // JVNDB: JVNDB-2020-001591 // CNNVD: CNNVD-202002-848 // NVD: CVE-2020-5531

SOURCES

db:	IVD	id:	b68d141b-8812-49a8-820f-878c70d9f9e5
db:	CNVD	id:	CNVD-2020-13174
db:	JVNDB	id:	JVNDB-2020-001591
db:	CNNVD	id:	CNNVD-202002-848
db:	NVD	id:	CVE-2020-5531

LAST UPDATE DATE

2024-11-23T21:02:43.771000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-13174	date:	2020-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-001591	date:	2020-02-18T00:00:00
db:	CNNVD	id:	CNNVD-202002-848	date:	2023-05-19T00:00:00
db:	NVD	id:	CVE-2020-5531	date:	2024-11-21T05:34:13.560

SOURCES RELEASE DATE

db:	IVD	id:	b68d141b-8812-49a8-820f-878c70d9f9e5	date:	2020-02-17T00:00:00
db:	CNVD	id:	CNVD-2020-13174	date:	2020-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-001591	date:	2020-02-18T00:00:00
db:	CNNVD	id:	CNNVD-202002-848	date:	2020-02-17T00:00:00
db:	NVD	id:	CVE-2020-5531	date:	2020-02-17T07:15:16.473