CVE-2020-5656

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Vulnerabilidad de control de acceso inapropiado en la función TCP/IP incluida en el firmware de la serie MELSEC iQ-R (los 2 dígitos del número de serie son "02" o anteriores del EtherNet/IP Network Interface Module First RJ71EIP91, los 2 dígitos del número de serie es "01" o anteriores del PROFINET IO Controller Module First RJ71PN92, los 2 dígitos del número de serie son "08" o anteriores del High Speed Data Logger Module First RD81DL96, los 2 dígitos del número de serie son "04" o anteriores del MES Interface Module First RD81MES96N, y los primeros de 2 dígitos del número de serie son "04" o anteriores a OPC UA Server Module First RD81OPC96), permite a un atacante remoto no autenticado detener las funciones de red de los productos o ejecutar un programa malicioso por medio de un paquete especialmente diseñado

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-01-06 CVE Reserved
2020-10-30 CVE Published
2023-07-15 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://jvn.jp/vu/JVNVU92513419/index.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf	2020-11-10
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf	2020-11-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mitsubishielectric Search vendor "Mitsubishielectric"	Melsec Iq-rj71eip91 Firmware Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71eip91 Firmware"	-	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Melsec Iq-rj71eip91 Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71eip91"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Melsec Iq-rj71pn92 Firmware Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71pn92 Firmware"	-	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Melsec Iq-rj71pn92 Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71pn92"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Melsec Iq-rd81dl96 Firmware Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81dl96 Firmware"	-	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Melsec Iq-rd81dl96 Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81dl96"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Melsec Iq-rd81mes96n Firmware Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81mes96n Firmware"	-	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Melsec Iq-rd81mes96n Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81mes96n"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Melsec Iq-rd81opc96 Firmware Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81opc96 Firmware"	-	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Melsec Iq-rd81opc96 Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81opc96"	-	-	Safe