CVE-2020-5531 — CRITICAL (9.8)

Q: How severe is CVE-2020-5531?

CVE-2020-5531 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-5531?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Mi5122-Vw Firmware, Mitsubishielectric Mi5122-Vw, Mitsubishielectric Q24Dhccpu-V Firmware, Mitsubishielectric Q24Dhccpu-V, Mitsubishielectric Q24Dhccpu-Vg Firmware.

Vulnerability Description

Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mitsubishielectric	Mi5122-Vw Firmware	<= 03
Mitsubishielectric	Mi5122-Vw	-
Mitsubishielectric	Q24Dhccpu-V Firmware	<= 21121
Mitsubishielectric	Q24Dhccpu-V	-
Mitsubishielectric	Q24Dhccpu-Vg Firmware	<= 21121
Mitsubishielectric	Q24Dhccpu-Vg	-
Mitsubishielectric	R12Ccpu-V Firmware	<= 11
Mitsubishielectric	R12Ccpu-V	-
Mitsubishielectric	Rd55Up06-V Firmware	<= 08
Mitsubishielectric	Rd55Up06-V	-

References

https://jvn.jp/en/vu/JVNVU95424547/index.htmlThird Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-003_en.pdfVendor Advisory
https://jvn.jp/en/vu/JVNVU95424547/index.htmlThird Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-003_en.pdfVendor Advisory

FAQ

What is CVE-2020-5531?

CVE-2020-5531 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 211...

How severe is CVE-2020-5531?

CVE-2020-5531 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-5531?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Mi5122-Vw Firmware, Mitsubishielectric Mi5122-Vw, Mitsubishielectric Q24Dhccpu-V Firmware, Mitsubishielectric Q24Dhccpu-V, Mitsubishielectric Q24Dhccpu-Vg Firmware.