Vulnerability Description
Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Melsec Q-Q04Udpvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q04Udpvcpu | - |
| Mitsubishielectric | Melsec Q-Q06Udpvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q06Udpvcpu | - |
| Mitsubishielectric | Melsec Q-Q13Udpvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q13Udpvcpu | - |
| Mitsubishielectric | Melsec Q-Q26Udpvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q26Udpvcpu | - |
| Mitsubishielectric | Melsec Q-Q03Udvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q03Udvcpu | - |
| Mitsubishielectric | Melsec Q-Q04Udvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q04Udvcpu | - |
| Mitsubishielectric | Melsec Q-Q13Udvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q13Udvcpu | - |
| Mitsubishielectric | Melsec Q-Q26Udvcpu Firmware | 22031 |
| Mitsubishielectric | Melsec Q-Q26Udvcpu | - |
| Mitsubishielectric | Melsec Q-Q03Udecpu Firmware | 22081 |
| Mitsubishielectric | Melsec Q-Q03Udecpu | - |
| Mitsubishielectric | Melsec Q-Q04Udehcpu Firmware | 22081 |
| Mitsubishielectric | Melsec Q-Q04Udehcpu | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU96558207/index.htmlThird Party Advisory
- https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdfVendor Advisory
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdfVendor Advisory
- https://jvn.jp/vu/JVNVU96558207/index.htmlThird Party Advisory
- https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdfVendor Advisory
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdfVendor Advisory
FAQ
What is CVE-2020-5652?
CVE-2020-5652 is a vulnerability with a CVSS score of 7.5 (HIGH). Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware vers...
How severe is CVE-2020-5652?
CVE-2020-5652 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5652?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Melsec Q-Q04Udpvcpu Firmware, Mitsubishielectric Melsec Q-Q04Udpvcpu, Mitsubishielectric Melsec Q-Q06Udpvcpu Firmware, Mitsubishielectric Melsec Q-Q06Udpvcpu, Mitsubishielectric Melsec Q-Q13Udpvcpu Firmware.