ID
VAR-202112-0208
CVE
CVE-2021-20611
TITLE
MELSEC and MELIPC Input verification vulnerabilities in the series
Trust: 0.8
DESCRIPTION
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. MELSEC and MELIPC There is an input verification vulnerability in the series.Denial of service (DoS) It may be put into a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | mitsubishi | model: | melsec q26udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q100udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q13udpvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melipc mi5122-vw | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q24dhccpu-v\ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r32 sfcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r16 cpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q50udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q12dccpu-v | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r32 pcpu | scope: | lte | version: | 29 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r04 pcpu | scope: | lte | version: | 29 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q03udvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec mr-mq100 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q06udvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q172dscpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r08 cpu | scope: | lte | version: | 57 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r16 cpu | scope: | lte | version: | 57 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec l26cpu-\ bt | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r64 mtcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q04udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q173dscpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r16 sfcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r32 mtcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r02 cpu | scope: | lte | version: | 24 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q26udpvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q04udpvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec l02cpu\ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r08 cpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r120 cpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q170mscpu\ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q173dcpu-s1 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r120 cpu | scope: | lte | version: | 57 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q26dhccpu-ls | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q10udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r120 sfcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec l26cpu\ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q20udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r16 mtcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec l06cpu\ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r08 sfcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r08 pcpu | scope: | lte | version: | 29 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q06udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r01 cpu | scope: | lte | version: | 24 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r32 cpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r04 cpu | scope: | lte | version: | 57 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r12 ccpu-v | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q04udvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q06udpvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r32 cpu | scope: | lte | version: | 57 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q13udvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r16 pcpu | scope: | lte | version: | 29 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q03udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q170mcpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r120 pcpu | scope: | lte | version: | 29 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q26udvcpu | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec iq-r r00 cpu | scope: | lte | version: | 24 | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q172dcpu-s1 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q24dhccpu-ls | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | mitsubishi | model: | melsec q13udecpu | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | 三菱電機 | model: | melsec iq-r r02cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r32cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r00cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r01cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r120cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r04cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r16pcpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r16cpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r08pcpu | scope: | - | version: | - | Trust: 0.8 |
| vendor: | 三菱電機 | model: | melsec iq-r r08cpu | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.0 |
| problemtype: | Incorrect input confirmation (CWE-20) [NVD Evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation error
Trust: 0.6
PATCH
| title: | Multiple Denial-of-Service Vulnerabilities in Ethernet port of MELSEC and MELIPC Series Mitsubishi Electric Corporation | url: | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf | Trust: 0.8 |
| title: | Mitsubishi Electric Repair measures for multiple product input verification errors | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=172522 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-20611 | Trust: 3.2 |
| db: | ICS CERT | id: | ICSA-21-334-02 | Trust: 2.4 |
| db: | JVN | id: | JVNVU94434051 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2021-005285 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2021.4034 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2021120105 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202111-2341 | Trust: 0.6 |
REFERENCES
| url: | https://jvn.jp/vu/jvnvu94434051/index.html | Trust: 2.4 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02 | Trust: 2.2 |
| url: | https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-20611 | Trust: 1.4 |
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-02 | Trust: 0.8 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.4034 | Trust: 0.6 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021120105 | Trust: 0.6 |
CREDITS
Mitsubishi Electric reported these vulnerabilities to CISA.
Trust: 0.6
SOURCES
| db: | JVNDB | id: | JVNDB-2021-005285 |
| db: | CNNVD | id: | CNNVD-202111-2341 |
| db: | NVD | id: | CVE-2021-20611 |
LAST UPDATE DATE
2024-08-14T13:53:44.841000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2021-005285 | date: | 2021-12-10T05:10:00 |
| db: | CNNVD | id: | CNNVD-202111-2341 | date: | 2022-11-28T00:00:00 |
| db: | NVD | id: | CVE-2021-20611 | date: | 2023-11-09T09:15:07.893 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2021-005285 | date: | 2021-12-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-202111-2341 | date: | 2021-11-30T00:00:00 |
| db: | NVD | id: | CVE-2021-20611 | date: | 2021-12-01T16:15:07.550 |