First published: Mon Nov 02 2020(Updated: )
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Mitsubishielectric Melsec Iq-rj71eip91 Firmware | ||
Mitsubishielectric Melsec Iq-rj71eip91 | ||
Mitsubishielectric Melsec Iq-rj71pn92 Firmware | ||
Mitsubishielectric Melsec Iq-rj71pn92 | ||
Mitsubishielectric Melsec Iq-rd81dl96 Firmware | ||
Mitsubishielectric Melsec Iq-rd81dl96 | ||
Mitsubishielectric Melsec Iq-rd81mes96n Firmware | ||
Mitsubishielectric Melsec Iq-rd81mes96n | ||
Mitsubishielectric Melsec Iq-rd81opc96 Firmware | ||
Mitsubishielectric Melsec Iq-rd81opc96 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-5655 is high with a CVSS score of 7.5.
CVE-2020-5655 affects MELSEC iQ-R series firmware versions RJ71EIP91, RJ71PN92, RD81DL96, RD81MES96N, and RD81OPC96.
CVE-2020-5655 is a NULL pointer dereferences vulnerability in the TCP/IP function included in the firmware of MELSEC iQ-R series.
To fix CVE-2020-5655, update the affected firmware versions of MELSEC iQ-R series to the latest available version provided by Mitsubishi Electric.
You can find more information about CVE-2020-5655 on the official Mitsubishi Electric PSIRT website and the JVN database.