Vulnerability Description
When the MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives a massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states that this vulnerability affects only Ethernet communication functions.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Cr800-Q Firmware | - |
| Mitsubishielectric | Cr800-Q | - |
| Mitsubishielectric | Fx3G Firmware | - |
| Mitsubishielectric | Fx3G | - |
| Mitsubishielectric | Fx3Gc Firmware | - |
| Mitsubishielectric | Fx3Gc | - |
| Mitsubishielectric | Fx3S Firmware | - |
| Mitsubishielectric | Fx3S | - |
| Mitsubishielectric | Fx3U Firmware | - |
| Mitsubishielectric | Fx3U | - |
| Mitsubishielectric | Fx3Uc Firmware | - |
| Mitsubishielectric | Fx3Uc | - |
| Mitsubishielectric | Fx5U Firmware | - |
| Mitsubishielectric | Fx5U | - |
| Mitsubishielectric | Fx5Uc Firmware | - |
| Mitsubishielectric | Fx5Uc | - |
| Mitsubishielectric | Fx5Uj Firmware | - |
| Mitsubishielectric | Fx5Uj | - |
| Mitsubishielectric | L02Cpu Firmware | - |
| Mitsubishielectric | L02Cpu | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU91553662/index.html (Third Party Advisory)
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf (Vendor Advisory)
FAQ
What is CVE-2020-5527?
CVE-2020-5527 is a vulnerability with a CVSS score of 7.5 (HIGH). When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and...
How severe is CVE-2020-5527?
CVE-2020-5527 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-5527?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Cr800-Q Firmware, Mitsubishielectric Cr800-Q, Mitsubishielectric Fx3G Firmware, Mitsubishielectric Fx3G, Mitsubishielectric Fx3Gc Firmware.