Vulnerability Description
NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Fx3U-Enet-L Firmware | <= 1.14 |
| Mitsubishielectric | Fx3U-Enet-P502 Firmware | <= 1.14 |
| Mitsubishielectric | Fx3U-Enet Firmware | <= 1.14 |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU94348759/index.htmlPatchThird Party Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01Third Party Advisory
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdfPatchVendor Advisory
- https://jvn.jp/vu/JVNVU94348759/index.htmlPatchThird Party Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01Third Party Advisory
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdfPatchVendor Advisory
FAQ
What is CVE-2021-20596?
CVE-2021-20596 is a vulnerability with a CVSS score of 7.5 (HIGH). NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote un...
How severe is CVE-2021-20596?
CVE-2021-20596 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20596?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Fx3U-Enet-L Firmware, Mitsubishielectric Fx3U-Enet-P502 Firmware, Mitsubishielectric Fx3U-Enet Firmware.