// For flags

CVE-2020-5653

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Vulnerabilidad de desbordamiento de búfer en la función TCP/IP incluida en el firmware de la serie MELSEC iQ-R (los 2 dígitos del número de serie son "02" o anteriores del EtherNet/IP Network Interface Module First RJ71EIP91, los 2 dígitos del número de serie es "01" o anteriores del PROFINET IO Controller Module First RJ71PN92, los 2 dígitos del número de serie son "08" o anteriores del High Speed Data Logger Module First RD81DL96, los 2 dígitos del número de serie son "04" o anteriores del MES Interface Module First RD81MES96N, y los primeros de 2 dígitos del número de serie son "04" o anteriores a OPC UA Server Module First RD81OPC96), permite a un atacante remoto no autenticado detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente diseñado

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-06 CVE Reserved
  • 2020-10-30 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rj71eip91 Firmware
Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71eip91 Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rj71eip91
Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71eip91"
--
Safe
Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rj71pn92 Firmware
Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71pn92 Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rj71pn92
Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71pn92"
--
Safe
Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81dl96 Firmware
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81dl96 Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81dl96
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81dl96"
--
Safe
Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81mes96n Firmware
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81mes96n Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81mes96n
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81mes96n"
--
Safe
Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81opc96 Firmware
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81opc96 Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81opc96
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81opc96"
--
Safe