CVE-2020-16850 — HIGH (7.5)

Q: How severe is CVE-2020-16850?

CVE-2020-16850 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-16850?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric R00Cpu Firmware, Mitsubishielectric R00Cpu, Mitsubishielectric R01Cpu Firmware, Mitsubishielectric R01Cpu, Mitsubishielectric R02Cpu Firmware.

Vulnerability Description

Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mitsubishielectric	R00Cpu Firmware	<= 20
Mitsubishielectric	R00Cpu	-
Mitsubishielectric	R01Cpu Firmware	<= 20
Mitsubishielectric	R01Cpu	-
Mitsubishielectric	R02Cpu Firmware	<= 20
Mitsubishielectric	R02Cpu	-
Mitsubishielectric	R04Cpu Firmware	<= 52
Mitsubishielectric	R04Cpu	-
Mitsubishielectric	R08Cpu Firmware	<= 52
Mitsubishielectric	R08Cpu	-
Mitsubishielectric	R16Cpu Firmware	<= 52
Mitsubishielectric	R16Cpu	-
Mitsubishielectric	R32Cpu Firmware	<= 52
Mitsubishielectric	R32Cpu	-
Mitsubishielectric	R120Cpu Firmware	<= 52
Mitsubishielectric	R120Cpu	-
Mitsubishielectric	R08Sfcpu Firmware	<= 22
Mitsubishielectric	R08Sfcpu	-
Mitsubishielectric	R16Sfcpu Firmware	<= 22
Mitsubishielectric	R16Sfcpu	-

Related Weaknesses (CWE)

CWE-20 CWE-400

References

https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-serThird Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02Third Party AdvisoryUS Government Resource
https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-serThird Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-16850?

CVE-2020-16850 is a vulnerability with a CVSS score of 7.5 (HIGH). Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes...

How severe is CVE-2020-16850?

CVE-2020-16850 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-16850?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric R00Cpu Firmware, Mitsubishielectric R00Cpu, Mitsubishielectric R01Cpu Firmware, Mitsubishielectric R01Cpu, Mitsubishielectric R02Cpu Firmware.