CVE-2020-13238
First published: Wed Jun 10 2020(Updated: )
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishi Electric Melsec Iq-R00 Firmware | <=7 | |
| Mitsubishielectric Melsec Iq-r00cpu Firmware | ||
| Mitsubishi Electric Melsec Iq-r01cpu Firmware | <=7 | |
| Mitsubishi Electric MELSEC IQ-R01CPU | ||
| Mitsubishi Electric Melsec IQ-R02 Firmware | <=7 | |
| Mitsubishi Electric MELSEC IQ-R02CPU | ||
| Mitsubishi Electric MELSEC iQ-R04CPU | <=39 | |
| Mitsubishi Electric MELSEC iQ-R04CPU | ||
| Mitsubishi Electric Melsec iQ-R08 Firmware | <=39 | |
| Mitsubishielectric Melsec Iq-r08pcpu | ||
| Mitsubishielectric Melsec Iq-r16pcpu Firmware | <=39 | |
| Mitsubishielectric Melsec Iq-r16cpu Firmware | ||
| Mitsubishielectric Melsec Iq-r32cpu Firmware | <=39 | |
| Mitsubishi Electric Melsec Iq-R32PCPU | ||
| Mitsubishi Electric Melsec Iq-R120PCPU Firmware | <=39 | |
| Mitsubishi Electric Melsec IQ-R120CPU | ||
| Mitsubishi Electric Melsec iQ-R08 Firmware | <=20 | |
| Mitsubishi Electric MELSEC IQ-R08F CPU | ||
| Mitsubishi Electric MELSEC IQ-R16FCPU Firmware | <=20 | |
| Mitsubishi Electric MELSEC IQ-R16FCPU Firmware | ||
| Mitsubishi Electric Melsec Iq-R32FCpu Firmware | <=20 | |
| Mitsubishi Electric MELSEC IQ-R32FCCPU | ||
| Mitsubishi Electric Melsec IQ-R120FCpu Firmware | <=20 | |
| Mitsubishi Electric Melsec IQ-R120 Firmware | ||
| Mitsubishi Electric R08PCPU Firmware | ||
| Mitsubishi Electric Melsec IQ-R08PCPU Firmware | ||
| Mitsubishielectric Melsec Iq-r16pcpu Firmware | ||
| Mitsubishi Electric Melsec Iq-R16PCPU | ||
| Mitsubishielectric Melsec Iq-r32pcpu Firmware | ||
| Mitsubishielectric Melsec Iq-r32pcpu Firmware | ||
| Mitsubishi Electric Melsec Iq-R120PCPU Firmware | ||
| Mitsubishi Electric Melsec Iq-R120PCPU Firmware | ||
| Mitsubishielectric Melsec Iq-r08sfcpu | ||
| Mitsubishi Electric Melsec IQ-R08SFC CPU Firmware | ||
| Mitsubishi Electric Melsec Iq-R16SFCpu Firmware | ||
| Mitsubishi Electric Melsec IQ-R16SFCPU | ||
| Mitsubishi Electric Melsec Iq-r32sfcpu | ||
| Mitsubishi Electric Melsec Iq-r32sfcpu | ||
| Mitsubishi Electric Melsec IQ-R120PSFCPU | ||
| Mitsubishi Electric MELSEC iQ-R120 | ||
| Mitsubishi Electric Melsec IQ-RJ71EN71 Firmware | ||
| Mitsubishi Electric Melsec IQ-RJ71EN71 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-13238?
CVE-2020-13238 is classified as a high severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2020-13238?
To mitigate CVE-2020-13238, updating the firmware of the Mitsubishi MELSEC iQ-R Series PLCs to a version that includes the security patch is necessary.
What causes the vulnerability CVE-2020-13238?
CVE-2020-13238 is caused by the PLCs accepting unauthenticated crafted packets that can exhaust CPU resources.
What are the risks associated with CVE-2020-13238?
Exploiting CVE-2020-13238 can lead to halting critical industrial processes, requiring physical access to restore functionality.
Which devices are affected by CVE-2020-13238?
CVE-2020-13238 affects Mitsubishi MELSEC iQ-R Series PLCs with specific firmware versions of 33 and below.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mitsubishielectric
- canonical/mitsubishi electric melsec iq-r00 firmware
- version/mitsubishi electric melsec iq-r00 firmware/7
- canonical/mitsubishielectric melsec iq-r00cpu firmware
- canonical/mitsubishi electric melsec iq-r01cpu firmware
- version/mitsubishi electric melsec iq-r01cpu firmware/7
- canonical/mitsubishi electric melsec iq-r01cpu
- canonical/mitsubishi electric melsec iq-r02 firmware
- version/mitsubishi electric melsec iq-r02 firmware/7
- canonical/mitsubishi electric melsec iq-r02cpu
- canonical/mitsubishi electric melsec iq-r04cpu
- version/mitsubishi electric melsec iq-r04cpu/39
- canonical/mitsubishi electric melsec iq-r08 firmware
- version/mitsubishi electric melsec iq-r08 firmware/39
- canonical/mitsubishielectric melsec iq-r08pcpu
- canonical/mitsubishielectric melsec iq-r16pcpu firmware
- version/mitsubishielectric melsec iq-r16pcpu firmware/39
- canonical/mitsubishielectric melsec iq-r16cpu firmware
- canonical/mitsubishielectric melsec iq-r32cpu firmware
- version/mitsubishielectric melsec iq-r32cpu firmware/39
- canonical/mitsubishi electric melsec iq-r32pcpu
- canonical/mitsubishi electric melsec iq-r120pcpu firmware
- version/mitsubishi electric melsec iq-r120pcpu firmware/39
- canonical/mitsubishi electric melsec iq-r120cpu
- version/mitsubishi electric melsec iq-r08 firmware/20
- canonical/mitsubishi electric melsec iq-r08f cpu
- canonical/mitsubishi electric melsec iq-r16fcpu firmware
- version/mitsubishi electric melsec iq-r16fcpu firmware/20
- canonical/mitsubishi electric melsec iq-r32fcpu firmware
- version/mitsubishi electric melsec iq-r32fcpu firmware/20
- canonical/mitsubishi electric melsec iq-r32fccpu
- canonical/mitsubishi electric melsec iq-r120fcpu firmware
- version/mitsubishi electric melsec iq-r120fcpu firmware/20
- canonical/mitsubishi electric melsec iq-r120 firmware
- canonical/mitsubishi electric r08pcpu firmware
- canonical/mitsubishi electric melsec iq-r08pcpu firmware
- canonical/mitsubishi electric melsec iq-r16pcpu
- canonical/mitsubishielectric melsec iq-r32pcpu firmware
- canonical/mitsubishielectric melsec iq-r08sfcpu
- canonical/mitsubishi electric melsec iq-r08sfc cpu firmware
- canonical/mitsubishi electric melsec iq-r16sfcpu firmware
- canonical/mitsubishi electric melsec iq-r16sfcpu
- canonical/mitsubishi electric melsec iq-r32sfcpu
- canonical/mitsubishi electric melsec iq-r120psfcpu
- canonical/mitsubishi electric melsec iq-r120
- canonical/mitsubishi electric melsec iq-rj71en71 firmware