ID

VAR-202112-0209


CVE

CVE-2021-20610


TITLE

Vulnerabilities in the MELSEC and MELIPC series

Trust: 0.8

sources: JVNDB: JVNDB-2021-005273

DESCRIPTION

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. There are unspecified vulnerabilities in the MELSEC and MELIPC series. The affected device may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2021-20610 // JVNDB: JVNDB-2021-005273

AFFECTED PRODUCTS

vendor: mitsubishi, model: melsec q26udecpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q100udecpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q13udpvcpu, scope: eq, version: -

Trust: 1.0

vendor: mitsubishi, model: melipc mi5122-vw, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q24dhccpu-v\, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r32 sfcpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r16 cpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q50udecpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q12dccpu-v, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r32 pcpu, scope: lte, version: 29

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r04 pcpu, scope: lte, version: 29

Trust: 1.0

vendor: mitsubishi, model: melsec q03udvcpu, scope: eq, version: -

Trust: 1.0

vendor: mitsubishi, model: melsec mr-mq100, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q06udvcpu, scope: eq, version: -

Trust: 1.0

vendor: mitsubishi, model: melsec q172dscpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r08 cpu, scope: lte, version: 57

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r16 cpu, scope: lte, version: 57

Trust: 1.0

vendor: mitsubishi, model: melsec l26cpu-\ bt, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r64 mtcpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q04udecpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q173dscpu, scope: eq, version: -

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r16 sfcpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r32 mtcpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r02 cpu, scope: lte, version: 24

Trust: 1.0

vendor: mitsubishi, model: melsec q26udpvcpu, scope: eq, version: -

Trust: 1.0

vendor: mitsubishi, model: melsec q04udpvcpu, scope: eq, version: -

Trust: 1.0

vendor: mitsubishi, model: melsec l02cpu\, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r08 cpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r120 cpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q170mscpu\, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q173dcpu-s1, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r120 cpu, scope: lte, version: 57

Trust: 1.0

vendor: mitsubishi, model: melsec q26dhccpu-ls, scope: eq, version: -

Trust: 1.0

vendor: mitsubishi, model: melsec q10udecpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r120 sfcpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec l26cpu\, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q20udecpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r16 mtcpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec l06cpu\, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r08 sfcpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r08 pcpu, scope: lte, version: 29

Trust: 1.0

vendor: mitsubishi, model: melsec q06udecpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r01 cpu, scope: lte, version: 24

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r32 cpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r04 cpu, scope: lte, version: 57

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r12 ccpu-v, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q04udvcpu, scope: eq, version: -

Trust: 1.0

vendor: mitsubishi, model: melsec q06udpvcpu, scope: eq, version: -

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r32 cpu, scope: lte, version: 57

Trust: 1.0

vendor: mitsubishi, model: melsec q13udvcpu, scope: eq, version: -

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r16 pcpu, scope: lte, version: 29

Trust: 1.0

vendor: mitsubishi, model: melsec q03udecpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q170mcpu, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r120 pcpu, scope: lte, version: 29

Trust: 1.0

vendor: mitsubishi, model: melsec q26udvcpu, scope: eq, version: -

Trust: 1.0

vendor: mitsubishi, model: melsec iq-r r00 cpu, scope: lte, version: 24

Trust: 1.0

vendor: mitsubishi, model: melsec q172dcpu-s1, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q24dhccpu-ls, scope: eq, version: *

Trust: 1.0

vendor: mitsubishi, model: melsec q13udecpu, scope: eq, version: *

Trust: 1.0

vendor: 三菱電機, model: melsec iq-r r02cpu, scope: -, version: -

Trust: 0.8

vendor: 三菱電機, model: melsec iq-r r32cpu, scope: -, version: -

Trust: 0.8

vendor: 三菱電機, model: melsec iq-r r00cpu, scope: -, version: -

Trust: 0.8

vendor: 三菱電機, model: melsec iq-r r01cpu, scope: -, version: -

Trust: 0.8

vendor: 三菱電機, model: melsec iq-r r120cpu, scope: -, version: -

Trust: 0.8

vendor: 三菱電機, model: melsec iq-r r04cpu, scope: -, version: -

Trust: 0.8

vendor: 三菱電機, model: melsec iq-r r16pcpu, scope: -, version: -

Trust: 0.8

vendor: 三菱電機, model: melsec iq-r r16cpu, scope: -, version: -

Trust: 0.8

vendor: 三菱電機, model: melsec iq-r r08pcpu, scope: -, version: -

Trust: 0.8

vendor: 三菱電機, model: melsec iq-r r08cpu, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005273 // NVD: CVE-2021-20610

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20610
value: HIGH

Trust: 1.0

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp: CVE-2021-20610
value: HIGH

Trust: 1.0

NVD: CVE-2021-20610
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202111-2338
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-20610
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-20610
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-20610
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-005273 // CNNVD: CNNVD-202111-2338 // NVD: CVE-2021-20610 // NVD: CVE-2021-20610

PROBLEMTYPE DATA

problemtype:CWE-130

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Other (CWE-Other) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-005273 // NVD: CVE-2021-20610

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-2338

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-2338

PATCH

title: Multiple Denial-of-Service Vulnerabilities in Ethernet port of MELSEC and MELIPC Series Mitsubishi Electric Corporation
url: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf

Trust: 0.8

title: Mitsubishi Electric MELSEC Q series Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=173808

Trust: 0.6

sources: JVNDB: JVNDB-2021-005273 // CNNVD: CNNVD-202111-2338

EXTERNAL IDS

db: NVD, id: CVE-2021-20610

Trust: 3.2

db: ICS CERT, id: ICSA-21-334-02

Trust: 2.4

db: JVN, id: JVNVU94434051

Trust: 2.4

db: JVNDB, id: JVNDB-2021-005273

Trust: 0.8

db: AUSCERT, id: ESB-2021.4034

Trust: 0.6

db: CS-HELP, id: SB2021120105

Trust: 0.6

db: CNNVD, id: CNNVD-202111-2338

Trust: 0.6

sources: JVNDB: JVNDB-2021-005273 // CNNVD: CNNVD-202111-2338 // NVD: CVE-2021-20610

REFERENCES

url:https://jvn.jp/vu/jvnvu94434051/index.html

Trust: 2.4

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02

Trust: 2.2

url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-20610

Trust: 1.4

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-02

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.4034

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120105

Trust: 0.6

sources: JVNDB: JVNDB-2021-005273 // CNNVD: CNNVD-202111-2338 // NVD: CVE-2021-20610

CREDITS

Mitsubishi Electric reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202111-2338

SOURCES

db: JVNDB, id: JVNDB-2021-005273
db: CNNVD, id: CNNVD-202111-2338
db: NVD, id: CVE-2021-20610

LAST UPDATE DATE

2024-08-14T13:53:44.788000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-005273, date: 2021-12-10T04:49:00
db: CNNVD, id: CNNVD-202111-2338, date: 2022-11-28T00:00:00
db: NVD, id: CVE-2021-20610, date: 2023-11-09T09:15:07.737

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-005273, date: 2021-12-10T00:00:00
db: CNNVD, id: CNNVD-202111-2338, date: 2021-11-30T00:00:00
db: NVD, id: CVE-2021-20610, date: 2021-12-01T16:15:07.510