CVE-2020-16850: Input Validation
First published: Mon Nov 30 2020(Updated: )
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric R00cpu Firmware | <=20 | |
| Mitsubishielectric R00cpu | ||
| Mitsubishielectric R01cpu Firmware | <=20 | |
| Mitsubishielectric R01cpu | ||
| Mitsubishielectric R02cpu Firmware | <=20 | |
| Mitsubishielectric R02cpu | ||
| Mitsubishielectric R04cpu Firmware | <=52 | |
| Mitsubishielectric R04cpu | ||
| Mitsubishielectric R08cpu Firmware | <=52 | |
| Mitsubishielectric R08cpu | ||
| Mitsubishielectric R16cpu Firmware | <=52 | |
| Mitsubishielectric R16cpu | ||
| Mitsubishielectric R32cpu Firmware | <=52 | |
| Mitsubishielectric R32cpu | ||
| Mitsubishielectric R120cpu Firmware | <=52 | |
| Mitsubishielectric R120cpu | ||
| Mitsubishielectric R08sfcpu Firmware | <=22 | |
| Mitsubishielectric R08sfcpu | ||
| Mitsubishielectric R16sfcpu Firmware | <=22 | |
| Mitsubishielectric R16sfcpu | ||
| Mitsubishielectric R32sfcpu Firmware | <=22 | |
| Mitsubishielectric R32sfcpu | ||
| Mitsubishielectric R120sfcpu Firmware | <=22 | |
| Mitsubishielectric R120sfcpu | ||
| Mitsubishielectric R08pcpu Firmware | ||
| Mitsubishielectric R08pcpu | ||
| Mitsubishielectric R16pcpu Firmware | ||
| Mitsubishielectric R16pcpu | ||
| Mitsubishielectric R32pcpu Firmware | ||
| Mitsubishielectric R32pcpu | ||
| Mitsubishielectric R120pcpu Firmware | ||
| Mitsubishielectric R120pcpu | ||
| Mitsubishielectric R16mtcpu Firmware | ||
| Mitsubishielectric R16mtcpu | ||
| Mitsubishielectric R32mtcpu Firmware | ||
| Mitsubishielectric R32mtcpu | ||
| Mitsubishielectric R64mtcpu Firmware | ||
| Mitsubishielectric R64mtcpu | ||
| Mitsubishi Electric R00/01/02CPU, Firmware Versions 20 and earlier | ||
| Mitsubishi Electric R04/08/16/32/120(EN)CPU, Firmware Versions 52 and earlier | ||
| Mitsubishi Electric R08/16/32/120SFCPU, Firmware Versions 22 and earlier | ||
| Mitsubishi Electric R08/16/32/120PCPU, Firmware Versions 25 and earlier |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-16850.
What is the severity rating of CVE-2020-16850?
CVE-2020-16850 has a severity rating of 7.5 (high).
What is the affected software?
The affected software is Mitsubishi MELSEC iQ-R Series PLCs with firmware versions up to 49.
How can an attacker exploit this vulnerability?
An unauthenticated attacker can exploit this vulnerability by sending a crafted packet over the network to halt the industrial process.
How can I mitigate this vulnerability?
To mitigate this vulnerability, it is recommended to update the firmware of the affected Mitsubishi MELSEC iQ-R Series PLCs to version 20 or higher.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/description
- agent/severity
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mitsubishielectric
- canonical/mitsubishielectric r00cpu firmware
- version/mitsubishielectric r00cpu firmware/20
- canonical/mitsubishielectric r00cpu
- canonical/mitsubishielectric r01cpu firmware
- version/mitsubishielectric r01cpu firmware/20
- canonical/mitsubishielectric r01cpu
- canonical/mitsubishielectric r02cpu firmware
- version/mitsubishielectric r02cpu firmware/20
- canonical/mitsubishielectric r02cpu
- canonical/mitsubishielectric r04cpu firmware
- version/mitsubishielectric r04cpu firmware/52
- canonical/mitsubishielectric r04cpu
- canonical/mitsubishielectric r08cpu firmware
- version/mitsubishielectric r08cpu firmware/52
- canonical/mitsubishielectric r08cpu
- canonical/mitsubishielectric r16cpu firmware
- version/mitsubishielectric r16cpu firmware/52
- canonical/mitsubishielectric r16cpu
- canonical/mitsubishielectric r32cpu firmware
- version/mitsubishielectric r32cpu firmware/52
- canonical/mitsubishielectric r32cpu
- canonical/mitsubishielectric r120cpu firmware
- version/mitsubishielectric r120cpu firmware/52
- canonical/mitsubishielectric r120cpu
- canonical/mitsubishielectric r08sfcpu firmware
- version/mitsubishielectric r08sfcpu firmware/22
- canonical/mitsubishielectric r08sfcpu
- canonical/mitsubishielectric r16sfcpu firmware
- version/mitsubishielectric r16sfcpu firmware/22
- canonical/mitsubishielectric r16sfcpu
- canonical/mitsubishielectric r32sfcpu firmware
- version/mitsubishielectric r32sfcpu firmware/22
- canonical/mitsubishielectric r32sfcpu
- canonical/mitsubishielectric r120sfcpu firmware
- version/mitsubishielectric r120sfcpu firmware/22
- canonical/mitsubishielectric r120sfcpu
- canonical/mitsubishielectric r08pcpu firmware
- canonical/mitsubishielectric r08pcpu
- canonical/mitsubishielectric r16pcpu firmware
- canonical/mitsubishielectric r16pcpu
- canonical/mitsubishielectric r32pcpu firmware
- canonical/mitsubishielectric r32pcpu
- canonical/mitsubishielectric r120pcpu firmware
- canonical/mitsubishielectric r120pcpu
- canonical/mitsubishielectric r16mtcpu firmware
- canonical/mitsubishielectric r16mtcpu
- canonical/mitsubishielectric r32mtcpu firmware
- canonical/mitsubishielectric r32mtcpu
- canonical/mitsubishielectric r64mtcpu firmware
- canonical/mitsubishielectric r64mtcpu
- vendor/mitsubishi electric
- canonical/mitsubishi electric r00/01/02cpu, firmware versions 20 and earlier
- canonical/mitsubishi electric r04/08/16/32/120(en)cpu, firmware versions 52 and earlier
- canonical/mitsubishi electric r08/16/32/120sfcpu, firmware versions 22 and earlier
- canonical/mitsubishi electric r08/16/32/120pcpu, firmware versions 25 and earlier