ID

VAR-202112-0207


CVE

CVE-2021-20609


TITLE

MELSEC  and  MELIPC  Series resource exhaustion vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-005271

DESCRIPTION

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. MELSEC and MELIPC There is a resource exhaustion vulnerability in the series.Denial of service (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2021-20609 // JVNDB: JVNDB-2021-005271

AFFECTED PRODUCTS

vendor:mitsubishimodel:melsec q26udecpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q100udecpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q13udpvcpuscope:eqversion: -

Trust: 1.0

vendor:mitsubishimodel:melipc mi5122-vwscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q24dhccpu-v\scope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r32 sfcpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r16 cpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q50udecpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q12dccpu-vscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r32 pcpuscope:lteversion:29

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r04 pcpuscope:lteversion:29

Trust: 1.0

vendor:mitsubishimodel:melsec q03udvcpuscope:eqversion: -

Trust: 1.0

vendor:mitsubishimodel:melsec mr-mq100scope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q06udvcpuscope:eqversion: -

Trust: 1.0

vendor:mitsubishimodel:melsec q172dscpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r08 cpuscope:lteversion:57

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r16 cpuscope:lteversion:57

Trust: 1.0

vendor:mitsubishimodel:melsec l26cpu-\ btscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r64 mtcpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q04udecpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q173dscpuscope:eqversion: -

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r16 sfcpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r32 mtcpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r02 cpuscope:lteversion:24

Trust: 1.0

vendor:mitsubishimodel:melsec q26udpvcpuscope:eqversion: -

Trust: 1.0

vendor:mitsubishimodel:melsec q04udpvcpuscope:eqversion: -

Trust: 1.0

vendor:mitsubishimodel:melsec l02cpu\scope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r08 cpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r120 cpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q170mscpu\scope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q173dcpu-s1scope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r120 cpuscope:lteversion:57

Trust: 1.0

vendor:mitsubishimodel:melsec q26dhccpu-lsscope:eqversion: -

Trust: 1.0

vendor:mitsubishimodel:melsec q10udecpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r120 sfcpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec l26cpu\scope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q20udecpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r16 mtcpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec l06cpu\scope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r08 sfcpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r08 pcpuscope:lteversion:29

Trust: 1.0

vendor:mitsubishimodel:melsec q06udecpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r01 cpuscope:lteversion:24

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r32 cpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r04 cpuscope:lteversion:57

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r12 ccpu-vscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q04udvcpuscope:eqversion: -

Trust: 1.0

vendor:mitsubishimodel:melsec q06udpvcpuscope:eqversion: -

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r32 cpuscope:lteversion:57

Trust: 1.0

vendor:mitsubishimodel:melsec q13udvcpuscope:eqversion: -

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r16 pcpuscope:lteversion:29

Trust: 1.0

vendor:mitsubishimodel:melsec q03udecpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q170mcpuscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r120 pcpuscope:lteversion:29

Trust: 1.0

vendor:mitsubishimodel:melsec q26udvcpuscope:eqversion: -

Trust: 1.0

vendor:mitsubishimodel:melsec iq-r r00 cpuscope:lteversion:24

Trust: 1.0

vendor:mitsubishimodel:melsec q172dcpu-s1scope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q24dhccpu-lsscope:eqversion:*

Trust: 1.0

vendor:mitsubishimodel:melsec q13udecpuscope:eqversion:*

Trust: 1.0

vendor:三菱電機model:melsec iq-r r02cpuscope: - version: -

Trust: 0.8

vendor:三菱電機model:melsec iq-r r32cpuscope: - version: -

Trust: 0.8

vendor:三菱電機model:melsec iq-r r00cpuscope: - version: -

Trust: 0.8

vendor:三菱電機model:melsec iq-r r01cpuscope: - version: -

Trust: 0.8

vendor:三菱電機model:melsec iq-r r120cpuscope: - version: -

Trust: 0.8

vendor:三菱電機model:melsec iq-r r04cpuscope: - version: -

Trust: 0.8

vendor:三菱電機model:melsec iq-r r16pcpuscope: - version: -

Trust: 0.8

vendor:三菱電機model:melsec iq-r r16cpuscope: - version: -

Trust: 0.8

vendor:三菱電機model:melsec iq-r r08pcpuscope: - version: -

Trust: 0.8

vendor:三菱電機model:melsec iq-r r08cpuscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005271 // NVD: CVE-2021-20609

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20609
value: HIGH

Trust: 1.0

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp: CVE-2021-20609
value: HIGH

Trust: 1.0

NVD: CVE-2021-20609
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202111-2335
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-20609
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-20609
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-20609
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-005271 // CNNVD: CNNVD-202111-2335 // NVD: CVE-2021-20609 // NVD: CVE-2021-20609

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-005271 // NVD: CVE-2021-20609

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-2335

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202111-2335

PATCH

title:Multiple Denial-of-Service Vulnerabilities in Ethernet port of MELSEC and MELIPC Series Mitsubishi Electric Corporationurl:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf

Trust: 0.8

title:Mitsubishi Electric MELSEC Q series Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=173807

Trust: 0.6

sources: JVNDB: JVNDB-2021-005271 // CNNVD: CNNVD-202111-2335

EXTERNAL IDS

db:NVDid:CVE-2021-20609

Trust: 3.2

db:ICS CERTid:ICSA-21-334-02

Trust: 2.4

db:JVNid:JVNVU94434051

Trust: 2.4

db:JVNDBid:JVNDB-2021-005271

Trust: 0.8

db:AUSCERTid:ESB-2021.4034

Trust: 0.6

db:CS-HELPid:SB2021120105

Trust: 0.6

db:CNNVDid:CNNVD-202111-2335

Trust: 0.6

sources: JVNDB: JVNDB-2021-005271 // CNNVD: CNNVD-202111-2335 // NVD: CVE-2021-20609

REFERENCES

url:https://jvn.jp/vu/jvnvu94434051/index.html

Trust: 2.4

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02

Trust: 2.2

url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-20609

Trust: 1.4

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-02

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.4034

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120105

Trust: 0.6

sources: JVNDB: JVNDB-2021-005271 // CNNVD: CNNVD-202111-2335 // NVD: CVE-2021-20609

CREDITS

Mitsubishi Electric reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202111-2335

SOURCES

db:JVNDBid:JVNDB-2021-005271
db:CNNVDid:CNNVD-202111-2335
db:NVDid:CVE-2021-20609

LAST UPDATE DATE

2024-08-14T13:53:44.815000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2021-005271date:2021-12-10T04:34:00
db:CNNVDid:CNNVD-202111-2335date:2022-11-25T00:00:00
db:NVDid:CVE-2021-20609date:2023-11-09T09:15:07.430

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2021-005271date:2021-12-10T00:00:00
db:CNNVDid:CNNVD-202111-2335date:2021-11-30T00:00:00
db:NVDid:CVE-2021-20609date:2021-12-01T16:15:07.467