Vulnerability: CVE-2020-5658

Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are ’02’ or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are ’01’ or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are ’08’ or before, RD81MES96N MES Interface Module First 2 digits of serial number are ’04’ or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are ’04’ or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.


https://jvn.jp/vu/JVNVU92513419/index.html
https://jvn.jp/vu/JVNVU92513419/index.html
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5658


It's possible to leave a comment as registered users to the site, accessing through social, wordpress account or as anonymous users. If you want to leave a comment as an anonymous user you will be notified by email of a possible response only if you enter the email address (optional). The insertion of any data in the comment fields is totally optional. Whoever decides to insert any data accepts the treatment of these last ones for the inherent purposes of the service that is the answer to the comment and the strictly necessary communications.


Leave a Reply