CVE-2021-20611

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MitsubishiCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
mitsubishimelsec_iq-r_r00_cpu_firmware
𝑥
≤ 24
mitsubishimelsec_iq-r_r01_cpu_firmware
𝑥
≤ 24
mitsubishimelsec_iq-r_r02_cpu_firmware
𝑥
≤ 24
mitsubishimelsec_iq-r_r04_cpu_firmware
𝑥
≤ 57
mitsubishimelsec_iq-r_r08_cpu_firmware
𝑥
≤ 57
mitsubishimelsec_iq-r_r120_cpu_firmware
𝑥
≤ 57
mitsubishimelsec_iq-r_r16_cpu_firmware
𝑥
≤ 57
mitsubishimelsec_iq-r_r32_cpu_firmware
𝑥
≤ 57
mitsubishimelsec_iq-r_r04_pcpu_firmware
𝑥
≤ 29
mitsubishimelsec_iq-r_r08_pcpu_firmware
𝑥
≤ 29
mitsubishimelsec_iq-r_r16_pcpu_firmware
𝑥
≤ 29
mitsubishimelsec_iq-r_r32_pcpu_firmware
𝑥
≤ 29
mitsubishimelsec_iq-r_r120_pcpu_firmware
𝑥
≤ 29
mitsubishimelsec_iq-r_r08_sfcpu_firmware
*
mitsubishimelsec_iq-r_r16_sfcpu_firmware
*
mitsubishimelsec_iq-r_r32_sfcpu_firmware
*
mitsubishimelsec_iq-r_r120_sfcpu_firmware
*
mitsubishimelsec_iq-r_r16_mtcpu_firmware
*
mitsubishimelsec_iq-r_r32_mtcpu_firmware
*
mitsubishimelsec_iq-r_r64_mtcpu_firmware
*
mitsubishimelsec_iq-r_r12_ccpu-v_firmware
*
mitsubishimelsec_q03udecpu_firmware
*
mitsubishimelsec_q04udecpu_firmware
*
mitsubishimelsec_q06udecpu_firmware
*
mitsubishimelsec_q10udecpu_firmware
*
mitsubishimelsec_q13udecpu_firmware
*
mitsubishimelsec_q20udecpu_firmware
*
mitsubishimelsec_q26udecpu_firmware
*
mitsubishimelsec_q50udecpu_firmware
*
mitsubishimelsec_q100udecpu_firmware
*
mitsubishimelsec_q03udvcpu_firmware
-
mitsubishimelsec_q04udvcpu_firmware
-
mitsubishimelsec_q06udvcpu_firmware
-
mitsubishimelsec_q13udvcpu_firmware
-
mitsubishimelsec_q26udvcpu_firmware
-
mitsubishimelsec_q04udpvcpu_firmware
-
mitsubishimelsec_q06udpvcpu_firmware
-
mitsubishimelsec_q13udpvcpu_firmware
-
mitsubishimelsec_q26udpvcpu_firmware
-
mitsubishimelsec_q12dccpu-v_firmware
*
mitsubishimelsec_q24dhccpu-v\(g\)_firmware
*
mitsubishimelsec_q24dhccpu-ls_firmware
*
mitsubishimelsec_q26dhccpu-ls_firmware
-
mitsubishimelsec_mr-mq100_firmware
*
mitsubishimelsec_q172dcpu-s1_firmware
*
mitsubishimelsec_q173dcpu-s1_firmware
*
mitsubishimelsec_q172dscpu_firmware
*
mitsubishimelsec_q173dscpu_firmware
-
mitsubishimelsec_q170mscpu\(-s1\)_firmware
*
mitsubishimelsec_q170mcpu_firmware
*
mitsubishimelipc_mi5122-vw_firmware
*
mitsubishimelsec_l26cpu-\(p\)bt_firmware
*
mitsubishimelsec_l26cpu\(-p\)_firmware
*
mitsubishimelsec_l06cpu\(-p\)_firmware
*
mitsubishimelsec_l02cpu\(-p\)_firmware
*
mitsubishimelsec_iq-r_r08_cpu_firmware
*
mitsubishimelsec_iq-r_r16_cpu_firmware
*
mitsubishimelsec_iq-r_r32_cpu_firmware
*
mitsubishimelsec_iq-r_r120_cpu_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jvn.jp/vu/JVNVU94434051/index.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
https://jvn.jp/vu/JVNVU94434051/index.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf