CVE-2020-5531
First published: Mon Feb 17 2020(Updated: )
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Mi5122-vw Firmware | <=03 | |
| Mitsubishielectric Mi5122-vw | ||
| Mitsubishielectric Q24dhccpu-v Firmware | <=21121 | |
| Mitsubishielectric Q24dhccpu-v | ||
| Mitsubishielectric Q24dhccpu-vg Firmware | <=21121 | |
| Mitsubishielectric Q24dhccpu-vg | ||
| Mitsubishielectric R12ccpu-v Firmware | <=11 | |
| Mitsubishielectric R12ccpu-v | ||
| Mitsubishielectric Rd55up06-v Firmware | <=08 | |
| Mitsubishielectric Rd55up06-v |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5531?
CVE-2020-5531 is a vulnerability in Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller.
What is the severity of CVE-2020-5531?
CVE-2020-5531 has a severity rating of 9.8 (Critical).
Which software versions are affected by CVE-2020-5531?
CVE-2020-5531 affects Mitsubishi Electric MI5122-VW firmware up to version 03 and Q24DHCCPU-V/ VG firmware with serial number 21121 or before.
Are Mitsubishi Electric MI5122-VW and Q24DHCCPU-V/ VG hardware vulnerable?
No, Mitsubishi Electric MI5122-VW and Q24DHCCPU-V/ VG hardware are not vulnerable to CVE-2020-5531.
Where can I find more information about CVE-2020-5531?
You can find more information about CVE-2020-5531 on the official Mitsubishi Electric PSIRT website and JVN Vulnerability Database.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- collector/nvd-index
- vendor/mitsubishielectric
- canonical/mitsubishielectric mi5122-vw firmware
- version/mitsubishielectric mi5122-vw firmware/03
- canonical/mitsubishielectric mi5122-vw
- canonical/mitsubishielectric q24dhccpu-v firmware
- version/mitsubishielectric q24dhccpu-v firmware/21121
- canonical/mitsubishielectric q24dhccpu-v
- canonical/mitsubishielectric q24dhccpu-vg firmware
- version/mitsubishielectric q24dhccpu-vg firmware/21121
- canonical/mitsubishielectric q24dhccpu-vg
- canonical/mitsubishielectric r12ccpu-v firmware
- version/mitsubishielectric r12ccpu-v firmware/11
- canonical/mitsubishielectric r12ccpu-v
- canonical/mitsubishielectric rd55up06-v firmware
- version/mitsubishielectric rd55up06-v firmware/08
- canonical/mitsubishielectric rd55up06-v