1. Home
  2. CVE Database
  3. CVE-2021-20599
CRITICAL · 9.1

CVE-2021-20599

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and ME...

Vulnerability Description

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
MitsubishielectricR08Sfcpu FirmwareAll versions
MitsubishielectricR08Sfcpu-
MitsubishielectricR16Sfcpu FirmwareAll versions
MitsubishielectricR16Sfcpu-
MitsubishielectricR32Sfcpu FirmwareAll versions
MitsubishielectricR32Sfcpu-
MitsubishielectricR120Sfcpu FirmwareAll versions
MitsubishielectricR120Sfcpu-
MitsubishielectricR08Psfcpu FirmwareAll versions
MitsubishielectricR08Psfcpu-
MitsubishielectricR16Psfcpu FirmwareAll versions
MitsubishielectricR16Psfcpu-
MitsubishielectricR32Psfcpu FirmwareAll versions
MitsubishielectricR32Psfcpu-
MitsubishielectricR120Psfcpu FirmwareAll versions
MitsubishielectricR120Psfcpu-

Related Weaknesses (CWE)

CWE-639CWE-319

References

FAQ

What is CVE-2021-20599?

CVE-2021-20599 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and ME...

How severe is CVE-2021-20599?

CVE-2021-20599 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-20599?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric R08Sfcpu Firmware, Mitsubishielectric R08Sfcpu, Mitsubishielectric R16Sfcpu Firmware, Mitsubishielectric R16Sfcpu, Mitsubishielectric R32Sfcpu Firmware.