ID

VAR-202112-0208


CVE

CVE-2021-20611


TITLE

Input verification vulnerabilities in the MELSEC and MELIPC series

Trust: 0.8

sources: JVNDB: JVNDB-2021-005285

DESCRIPTION

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. There is an input verification vulnerability in the MELSEC and MELIPC series. Affected products may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2021-20611 // JVNDB: JVNDB-2021-005285

AFFECTED PRODUCTS

vendor: mitsubishi // model: melsec q26udecpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q100udecpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q13udpvcpu // scope: eq // version: -

Trust: 1.0

vendor: mitsubishi // model: melipc mi5122-vw // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q24dhccpu-v\ // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r32 sfcpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r16 cpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q50udecpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q12dccpu-v // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r32 pcpu // scope: lte // version: 29

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r04 pcpu // scope: lte // version: 29

Trust: 1.0

vendor: mitsubishi // model: melsec q03udvcpu // scope: eq // version: -

Trust: 1.0

vendor: mitsubishi // model: melsec mr-mq100 // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q06udvcpu // scope: eq // version: -

Trust: 1.0

vendor: mitsubishi // model: melsec q172dscpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r08 cpu // scope: lte // version: 57

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r16 cpu // scope: lte // version: 57

Trust: 1.0

vendor: mitsubishi // model: melsec l26cpu-\ bt // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r64 mtcpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q04udecpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q173dscpu // scope: eq // version: -

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r16 sfcpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r32 mtcpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r02 cpu // scope: lte // version: 24

Trust: 1.0

vendor: mitsubishi // model: melsec q26udpvcpu // scope: eq // version: -

Trust: 1.0

vendor: mitsubishi // model: melsec q04udpvcpu // scope: eq // version: -

Trust: 1.0

vendor: mitsubishi // model: melsec l02cpu\ // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r08 cpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r120 cpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q170mscpu\ // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q173dcpu-s1 // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r120 cpu // scope: lte // version: 57

Trust: 1.0

vendor: mitsubishi // model: melsec q26dhccpu-ls // scope: eq // version: -

Trust: 1.0

vendor: mitsubishi // model: melsec q10udecpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r120 sfcpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec l26cpu\ // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q20udecpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r16 mtcpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec l06cpu\ // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r08 sfcpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r08 pcpu // scope: lte // version: 29

Trust: 1.0

vendor: mitsubishi // model: melsec q06udecpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r01 cpu // scope: lte // version: 24

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r32 cpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r04 cpu // scope: lte // version: 57

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r12 ccpu-v // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q04udvcpu // scope: eq // version: -

Trust: 1.0

vendor: mitsubishi // model: melsec q06udpvcpu // scope: eq // version: -

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r32 cpu // scope: lte // version: 57

Trust: 1.0

vendor: mitsubishi // model: melsec q13udvcpu // scope: eq // version: -

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r16 pcpu // scope: lte // version: 29

Trust: 1.0

vendor: mitsubishi // model: melsec q03udecpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q170mcpu // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r120 pcpu // scope: lte // version: 29

Trust: 1.0

vendor: mitsubishi // model: melsec q26udvcpu // scope: eq // version: -

Trust: 1.0

vendor: mitsubishi // model: melsec iq-r r00 cpu // scope: lte // version: 24

Trust: 1.0

vendor: mitsubishi // model: melsec q172dcpu-s1 // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q24dhccpu-ls // scope: eq // version: *

Trust: 1.0

vendor: mitsubishi // model: melsec q13udecpu // scope: eq // version: *

Trust: 1.0

vendor: 三菱電機 // model: melsec iq-r r02cpu // scope: - // version: -

Trust: 0.8

vendor: 三菱電機 // model: melsec iq-r r32cpu // scope: - // version: -

Trust: 0.8

vendor: 三菱電機 // model: melsec iq-r r00cpu // scope: - // version: -

Trust: 0.8

vendor: 三菱電機 // model: melsec iq-r r01cpu // scope: - // version: -

Trust: 0.8

vendor: 三菱電機 // model: melsec iq-r r120cpu // scope: - // version: -

Trust: 0.8

vendor: 三菱電機 // model: melsec iq-r r04cpu // scope: - // version: -

Trust: 0.8

vendor: 三菱電機 // model: melsec iq-r r16pcpu // scope: - // version: -

Trust: 0.8

vendor: 三菱電機 // model: melsec iq-r r16cpu // scope: - // version: -

Trust: 0.8

vendor: 三菱電機 // model: melsec iq-r r08pcpu // scope: - // version: -

Trust: 0.8

vendor: 三菱電機 // model: melsec iq-r r08cpu // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005285 // NVD: CVE-2021-20611

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20611
value: HIGH

Trust: 1.0

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp: CVE-2021-20611
value: HIGH

Trust: 1.0

NVD: CVE-2021-20611
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202111-2341
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-20611
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-20611
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-20611
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-005285 // CNNVD: CNNVD-202111-2341 // NVD: CVE-2021-20611 // NVD: CVE-2021-20611

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype: Incorrect input confirmation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-005285 // NVD: CVE-2021-20611

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-2341

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202111-2341

PATCH

title: Multiple Denial-of-Service Vulnerabilities in Ethernet port of MELSEC and MELIPC Series Mitsubishi Electric Corporation // url: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf

Trust: 0.8

title: Mitsubishi Electric Repair measures for multiple product input verification errors // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=172522

Trust: 0.6

sources: JVNDB: JVNDB-2021-005285 // CNNVD: CNNVD-202111-2341

EXTERNAL IDS

db: NVD // id: CVE-2021-20611

Trust: 3.2

db: ICS CERT // id: ICSA-21-334-02

Trust: 2.4

db: JVN // id: JVNVU94434051

Trust: 2.4

db: JVNDB // id: JVNDB-2021-005285

Trust: 0.8

db: AUSCERT // id: ESB-2021.4034

Trust: 0.6

db: CS-HELP // id: SB2021120105

Trust: 0.6

db: CNNVD // id: CNNVD-202111-2341

Trust: 0.6

sources: JVNDB: JVNDB-2021-005285 // CNNVD: CNNVD-202111-2341 // NVD: CVE-2021-20611

REFERENCES

url:https://jvn.jp/vu/jvnvu94434051/index.html

Trust: 2.4

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02

Trust: 2.2

url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-20611

Trust: 1.4

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-02

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.4034

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120105

Trust: 0.6

sources: JVNDB: JVNDB-2021-005285 // CNNVD: CNNVD-202111-2341 // NVD: CVE-2021-20611

CREDITS

Mitsubishi Electric reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202111-2341

SOURCES

db: JVNDB // id: JVNDB-2021-005285
db: CNNVD // id: CNNVD-202111-2341
db: NVD // id: CVE-2021-20611

LAST UPDATE DATE

2024-08-14T13:53:44.841000+00:00


SOURCES UPDATE DATE

db: JVNDB // id: JVNDB-2021-005285 // date: 2021-12-10T05:10:00
db: CNNVD // id: CNNVD-202111-2341 // date: 2022-11-28T00:00:00
db: NVD // id: CVE-2021-20611 // date: 2023-11-09T09:15:07.893

SOURCES RELEASE DATE

db: JVNDB // id: JVNDB-2021-005285 // date: 2021-12-10T00:00:00
db: CNNVD // id: CNNVD-202111-2341 // date: 2021-11-30T00:00:00
db: NVD // id: CVE-2021-20611 // date: 2021-12-01T16:15:07.550