What is the vulnerability ID for this buffer overflow vulnerability?

The vulnerability ID for this buffer overflow vulnerability is CVE-2020-5653.

What software is affected by this vulnerability?

The MELSEC iQ-R series firmware, specifically the RJ71EIP91 EtherNet/IP Network Interface Module (serial number '02' or before), and the RJ71PN92 PROFINET IO Controller Module (serial number '01' or before) are affected.

What is the severity of CVE-2020-5653?

The severity of CVE-2020-5653 is critical with a CVSS score of 9.8.

How can I fix this vulnerability?

To fix this vulnerability, it is recommended to update the firmware of the affected MELSEC iQ-R series modules to a version that addresses the buffer overflow issue.

Where can I find more information about CVE-2020-5653?

You can find more information about CVE-2020-5653 on the JVN Vulnerability Database and the Mitsubishi Electric PSIRT websites.

Vulnerability/
CVE-2020-5653

critical

9.8

CWE

120 119

2/11/2020

10/11/2020

CVE-2020-5653: Buffer Overflow

First published: Mon Nov 02 2020(Updated: )

Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
Mitsubishielectric Melsec Iq-rj71eip91 Firmware
Mitsubishielectric Melsec Iq-rj71eip91
Mitsubishielectric Melsec Iq-rj71pn92 Firmware
Mitsubishielectric Melsec Iq-rj71pn92
Mitsubishielectric Melsec Iq-rd81dl96 Firmware
Mitsubishielectric Melsec Iq-rd81dl96
Mitsubishielectric Melsec Iq-rd81mes96n Firmware
Mitsubishielectric Melsec Iq-rd81mes96n
Mitsubishielectric Melsec Iq-rd81opc96 Firmware
Mitsubishielectric Melsec Iq-rd81opc96

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this buffer overflow vulnerability?
The vulnerability ID for this buffer overflow vulnerability is CVE-2020-5653.
What software is affected by this vulnerability?
The MELSEC iQ-R series firmware, specifically the RJ71EIP91 EtherNet/IP Network Interface Module (serial number '02' or before), and the RJ71PN92 PROFINET IO Controller Module (serial number '01' or before) are affected.
What is the severity of CVE-2020-5653?
The severity of CVE-2020-5653 is critical with a CVSS score of 9.8.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to update the firmware of the affected MELSEC iQ-R series modules to a version that addresses the buffer overflow issue.
Where can I find more information about CVE-2020-5653?
You can find more information about CVE-2020-5653 on the JVN Vulnerability Database and the Mitsubishi Electric PSIRT websites.