CVE-2021-20613

14.01.2022, 20:15

Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, FX3U-ENET-L Firmware version 1.16 and prior and FX3U-ENET-P502 Firmware version 1.16 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product by sending specially crafted packets. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Mitsubishi	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Vendor	Product	Version
mitsubishielectric	fx3u-enet_firmware	𝑥 ≤ 1.16
mitsubishielectric	fx3u-enet-l_firmware	𝑥 ≤ 1.16
mitsubishielectric	fx3u-enet-p502_firmware	𝑥 ≤ 1.16

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-665 - Improper Initialization
The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References

https://jvn.jp/vu/JVNVU93268332/index.html

https://www.cisa.gov/uscert/ics/advisories/icsa-22-013-07

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-024_en.pdf

https://jvn.jp/vu/JVNVU93268332/index.html

https://www.cisa.gov/uscert/ics/advisories/icsa-22-013-07

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-024_en.pdf