Vulnerability Description
Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up. System reset is required for recovery.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | R12Ccpu-V Firmware | <= 16 |
| Mitsubishielectric | R12Ccpu-V | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU94914666/index.htmlThird Party Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-280-04Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-015_en.pdfVendor Advisory
- https://jvn.jp/vu/JVNVU94914666/index.htmlThird Party Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-280-04Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-015_en.pdfVendor Advisory
FAQ
What is CVE-2021-20600?
CVE-2021-20600 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior allows a remote unauthenticated attacker to cause a denial-of...
How severe is CVE-2021-20600?
CVE-2021-20600 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20600?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric R12Ccpu-V Firmware, Mitsubishielectric R12Ccpu-V.