ID
VAR-202112-0207
CVE
CVE-2021-20609
TITLE
MELSEC and MELIPC Series resource exhaustion vulnerabilities
Trust: 0.8
DESCRIPTION
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. MELSEC and MELIPC There is a resource exhaustion vulnerability in the series.Denial of service (DoS) It may be put into a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | mitsubishi | model: | melsec q26udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q100udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q13udpvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melipc mi5122-vw | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q24dhccpu-v\ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r32 sfcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r16 cpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q50udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q12dccpu-v | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r32 pcpu | scope: | lte | version: | 29 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r04 pcpu | scope: | lte | version: | 29 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q03udvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec mr-mq100 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q06udvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q172dscpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r08 cpu | scope: | lte | version: | 57 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r16 cpu | scope: | lte | version: | 57 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec l26cpu-\ bt | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r64 mtcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q04udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q173dscpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r16 sfcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r32 mtcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r02 cpu | scope: | lte | version: | 24 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q26udpvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q04udpvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec l02cpu\ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r08 cpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r120 cpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q170mscpu\ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q173dcpu-s1 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r120 cpu | scope: | lte | version: | 57 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q26dhccpu-ls | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q10udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r120 sfcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec l26cpu\ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q20udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r16 mtcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec l06cpu\ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r08 sfcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r08 pcpu | scope: | lte | version: | 29 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q06udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r01 cpu | scope: | lte | version: | 24 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r32 cpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r04 cpu | scope: | lte | version: | 57 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r12 ccpu-v | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q04udvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q06udpvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r32 cpu | scope: | lte | version: | 57 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q13udvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r16 pcpu | scope: | lte | version: | 29 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q03udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q170mcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r120 pcpu | scope: | lte | version: | 29 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q26udvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r00 cpu | scope: | lte | version: | 24 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q172dcpu-s1 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q24dhccpu-ls | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q13udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | 三菱電機 | model: | melsec iq-r r02cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r32cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r00cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r01cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r120cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r04cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r16pcpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r16cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r08pcpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r08cpu | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-400 | Trust: 1.0 |
| problemtype: | Resource exhaustion (CWE-400) [NVD Evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
resource management error
Trust: 0.6
PATCH
| title: | Multiple Denial-of-Service Vulnerabilities in Ethernet port of MELSEC and MELIPC Series Mitsubishi Electric Corporation | url: | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf | Trust: 0.8 |
| title: | Mitsubishi Electric MELSEC Q series Remediation of resource management error vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=173807 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-20609 | Trust: 3.2 |
| db: | ICS CERT | id: | ICSA-21-334-02 | Trust: 2.4 |
| db: | JVN | id: | JVNVU94434051 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2021-005271 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2021.4034 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2021120105 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202111-2335 | Trust: 0.6 |
REFERENCES
| url: | https://jvn.jp/vu/jvnvu94434051/index.html | Trust: 2.4 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02 | Trust: 2.2 |
| url: | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-20609 | Trust: 1.4 |
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-02 | Trust: 0.8 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.4034 | Trust: 0.6 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021120105 | Trust: 0.6 |
CREDITS
Mitsubishi Electric reported these vulnerabilities to CISA.
Trust: 0.6
SOURCES
| db: | JVNDB | id: | JVNDB-2021-005271 |
| db: | CNNVD | id: | CNNVD-202111-2335 |
| db: | NVD | id: | CVE-2021-20609 |
LAST UPDATE DATE
2024-08-14T13:53:44.815000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2021-005271 | date: | 2021-12-10T04:34:00 |
| db: | CNNVD | id: | CNNVD-202111-2335 | date: | 2022-11-25T00:00:00 |
| db: | NVD | id: | CVE-2021-20609 | date: | 2023-11-09T09:15:07.430 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2021-005271 | date: | 2021-12-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-202111-2335 | date: | 2021-11-30T00:00:00 |
| db: | NVD | id: | CVE-2021-20609 | date: | 2021-12-01T16:15:07.467 |