CVE-2020-16850: Input Validation
First published: Mon Nov 30 2020(Updated: )
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU | ||
| Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU | ||
| Mitsubishi Electric R08/16/32/120SFCPU | ||
| Mitsubishi Electric R08/16/32/120PCPU | ||
| Mitsubishi Electric R00CPU Firmware | <=20 | |
| Mitsubishi Electric R00CPU | ||
| Mitsubishi Electric R01CPU | <=20 | |
| Mitsubishi Electric R01CPU | ||
| Mitsubishielectric R02cpu | <=20 | |
| Mitsubishielectric R02cpu Firmware | ||
| Mitsubishi Electric R04CPU | <=52 | |
| Mitsubishi Electric R04CPU | ||
| Mitsubishi Electric R08CPU Firmware | <=52 | |
| Mitsubishi Electric R08CPU Firmware | ||
| Mitsubiushi Electric R16cpu Firmware | <=52 | |
| Mitsubishi Electric R16CPU | ||
| Mitsubishielectric R32cpu | <=52 | |
| Mitsubishielectric R32cpu Firmware | ||
| Mitsubishi Electric R120CPU | <=52 | |
| Mitsubishi Electric R120PCPU | ||
| Mitsubishi Electric R08SFCpu | <=22 | |
| Mitsubishi Electric R08SFCpu | ||
| Mitsubishi Electric R16SFCpu Firmware | <=22 | |
| Mitsubishi Electric R16SFCpu Firmware | ||
| Mitsubishi Electric R32SFCpu | <=22 | |
| Mitsubishielectric R32sfcpu Firmware | ||
| Mitsubishi Electric R120SFCPU | <=22 | |
| Mitsubishielectric R120sfcpu Firmware | ||
| Mitsubishi Electric R08PCPU Firmware | ||
| Mitsubishi Electric R08CPU Firmware | ||
| Mitsubishi Electric R16PCPU Firmware | ||
| Mitsubishi Electric R16PCPU Firmware | ||
| Mitsubishielectric R32pcpu Firmware | ||
| Mitsubishi Electric R32PCPU | ||
| Mitsubishi Electric R120CPU | ||
| Mitsubishi Electric R120PCPU | ||
| Mitsubishielectric R16mtcpu | ||
| Mitsubishielectric R16mtcpu Firmware | ||
| Mitsubishielectric R32mtcpu Firmware | ||
| Mitsubishi Electric R32MTCPU | ||
| Mitsubishi Electric R64MTCPU Firmware | ||
| Mitsubishi Electric R64MTCPU Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-16850.
What is the severity rating of CVE-2020-16850?
CVE-2020-16850 has a severity rating of 7.5 (high).
What is the affected software?
The affected software is Mitsubishi MELSEC iQ-R Series PLCs with firmware versions up to 49.
How can an attacker exploit this vulnerability?
An unauthenticated attacker can exploit this vulnerability by sending a crafted packet over the network to halt the industrial process.
How can I mitigate this vulnerability?
To mitigate this vulnerability, it is recommended to update the firmware of the affected Mitsubishi MELSEC iQ-R Series PLCs to version 20 or higher.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/severity
- agent/references
- agent/event
- agent/trending
- agent/source
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/weakness
- vendor/mitsubishi electric
- canonical/mitsubishi electric melsec iq-r series r00/01/02cpu
- canonical/mitsubishi electric melsec iq-r series r04/08/16/32/120(en)cpu
- canonical/mitsubishi electric r08/16/32/120sfcpu
- canonical/mitsubishi electric r08/16/32/120pcpu
- vendor/mitsubishielectric
- canonical/mitsubishi electric r00cpu firmware
- version/mitsubishi electric r00cpu firmware/20
- canonical/mitsubishi electric r00cpu
- canonical/mitsubishi electric r01cpu
- version/mitsubishi electric r01cpu/20
- canonical/mitsubishielectric r02cpu
- version/mitsubishielectric r02cpu/20
- canonical/mitsubishielectric r02cpu firmware
- canonical/mitsubishi electric r04cpu
- version/mitsubishi electric r04cpu/52
- canonical/mitsubishi electric r08cpu firmware
- version/mitsubishi electric r08cpu firmware/52
- canonical/mitsubiushi electric r16cpu firmware
- version/mitsubiushi electric r16cpu firmware/52
- canonical/mitsubishi electric r16cpu
- canonical/mitsubishielectric r32cpu
- version/mitsubishielectric r32cpu/52
- canonical/mitsubishielectric r32cpu firmware
- canonical/mitsubishi electric r120cpu
- version/mitsubishi electric r120cpu/52
- canonical/mitsubishi electric r120pcpu
- canonical/mitsubishi electric r08sfcpu
- version/mitsubishi electric r08sfcpu/22
- canonical/mitsubishi electric r16sfcpu firmware
- version/mitsubishi electric r16sfcpu firmware/22
- canonical/mitsubishi electric r32sfcpu
- version/mitsubishi electric r32sfcpu/22
- canonical/mitsubishielectric r32sfcpu firmware
- canonical/mitsubishi electric r120sfcpu
- version/mitsubishi electric r120sfcpu/22
- canonical/mitsubishielectric r120sfcpu firmware
- canonical/mitsubishi electric r08pcpu firmware
- canonical/mitsubishi electric r16pcpu firmware
- canonical/mitsubishielectric r32pcpu firmware
- canonical/mitsubishi electric r32pcpu
- canonical/mitsubishielectric r16mtcpu
- canonical/mitsubishielectric r16mtcpu firmware
- canonical/mitsubishielectric r32mtcpu firmware
- canonical/mitsubishi electric r32mtcpu
- canonical/mitsubishi electric r64mtcpu firmware