Vulnerability Description
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishi Electric | R00CPU Firmware | All versions |
| Mitsubishi Electric | R00CPU | - |
| Mitsubishi Electric | R01CPU Firmware | All versions |
| Mitsubishi Electric | R01CPU | - |
| Mitsubishi Electric | R02CPU Firmware | All versions |
| Mitsubishi Electric | R02CPU | - |
| Mitsubishi Electric | R04CPU Firmware | All versions |
| Mitsubishi Electric | R04CPU | - |
| Mitsubishi Electric | R08CPU Firmware | All versions |
| Mitsubishi Electric | R08CPU | - |
| Mitsubishi Electric | R16CPU Firmware | All versions |
| Mitsubishi Electric | R16CPU | - |
| Mitsubishi Electric | R32CPU Firmware | All versions |
| Mitsubishi Electric | R32CPU | - |
| Mitsubishi Electric | R120CPU Firmware | All versions |
| Mitsubishi Electric | R120CPU | - |
| Mitsubishi Electric | R08SFCPU Firmware | All versions |
| Mitsubishi Electric | R08SFCPU | - |
| Mitsubishi Electric | R16SFCPU Firmware | All versions |
| Mitsubishi Electric | R16SFCPU | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU98060539/index.html (Third Party Advisory)
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-003_en.pdf (Vendor Advisory)
FAQ
What is CVE-2021-20591?
CVE-2021-20591 is a vulnerability with a CVSS score of 7.5 (HIGH). Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions,...
How severe is CVE-2021-20591?
CVE-2021-20591 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20591?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishi Electric R00CPU Firmware, Mitsubishi Electric R00CPU, Mitsubishi Electric R01CPU Firmware, Mitsubishi Electric R01CPU, Mitsubishi Electric R02CPU Firmware.