// For flags

CVE-2020-5657

 

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.

Una neutralización inapropiada de los delimitadores de argumentos en una vulnerabilidad de comando ("Argument Injection") en la función TCP/IP incluida en el firmware de la serie MELSEC iQ-R (los 2 dígitos del número de serie son "02" o anteriores del EtherNet/IP Network Interface Module First RJ71EIP91, los 2 dígitos del número de serie es "01" o anteriores del PROFINET IO Controller Module First RJ71PN92, los 2 dígitos del número de serie son "08" o anteriores del High Speed Data Logger Module First RD81DL96, los 2 dígitos del número de serie son "04" o anteriores del MES Interface Module First RD81MES96N, y los primeros de 2 dígitos del número de serie son "04" o anteriores a OPC UA Server Module First RD81OPC96), permite a los atacantes no autenticados en la red adyacente detener las funciones de red de los productos por medio de un paquete especialmente diseñado

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-06 CVE Reserved
  • 2020-10-30 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rj71eip91 Firmware
Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71eip91 Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rj71eip91
Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71eip91"
--
Safe
Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rj71pn92 Firmware
Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71pn92 Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rj71pn92
Search vendor "Mitsubishielectric" for product "Melsec Iq-rj71pn92"
--
Safe
Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81dl96 Firmware
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81dl96 Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81dl96
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81dl96"
--
Safe
Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81mes96n Firmware
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81mes96n Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81mes96n
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81mes96n"
--
Safe
Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81opc96 Firmware
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81opc96 Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Iq-rd81opc96
Search vendor "Mitsubishielectric" for product "Melsec Iq-rd81opc96"
--
Safe