CVE-2020-5654
First published: Mon Nov 02 2020(Updated: )
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Melsec Iq-rj71eip91 Firmware | ||
| Mitsubishielectric Melsec Iq-rj71eip91 | ||
| Mitsubishielectric Melsec Iq-rj71pn92 Firmware | ||
| Mitsubishielectric Melsec Iq-rj71pn92 | ||
| Mitsubishielectric Melsec Iq-rd81dl96 Firmware | ||
| Mitsubishielectric Melsec Iq-rd81dl96 | ||
| Mitsubishielectric Melsec Iq-rd81mes96n Firmware | ||
| Mitsubishielectric Melsec Iq-rd81mes96n | ||
| Mitsubishielectric Melsec Iq-rd81opc96 Firmware | ||
| Mitsubishielectric Melsec Iq-rd81opc96 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5654?
CVE-2020-5654 is a session fixation vulnerability in the TCP/IP function included in the firmware of MELSEC iQ-R series devices.
Which MELSEC iQ-R series devices are affected by CVE-2020-5654?
The MELSEC iQ-R series devices affected by CVE-2020-5654 include the RJ71EIP91 EtherNet/IP Network Interface Module and the RJ71PN92 PROFINET IO Controller Module.
What is the severity of CVE-2020-5654?
CVE-2020-5654 has a severity rating of 7.5 (High).
How can I fix CVE-2020-5654?
To fix CVE-2020-5654, you should update the firmware of the affected MELSEC iQ-R series devices to the latest version provided by Mitsubishi Electric.
Where can I find more information about CVE-2020-5654?
You can find more information about CVE-2020-5654 on the official Mitsubishi Electric PSIRT website and the JVN Vulnerability Database.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/mitsubishielectric
- canonical/mitsubishielectric melsec iq-rj71eip91 firmware
- canonical/mitsubishielectric melsec iq-rj71eip91
- canonical/mitsubishielectric melsec iq-rj71pn92 firmware
- canonical/mitsubishielectric melsec iq-rj71pn92
- canonical/mitsubishielectric melsec iq-rd81dl96 firmware
- canonical/mitsubishielectric melsec iq-rd81dl96
- canonical/mitsubishielectric melsec iq-rd81mes96n firmware
- canonical/mitsubishielectric melsec iq-rd81mes96n
- canonical/mitsubishielectric melsec iq-rd81opc96 firmware
- canonical/mitsubishielectric melsec iq-rd81opc96