CVE-2020-5666
First published: Mon Nov 16 2020(Updated: )
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishi Electric Melsec Iq-R00 Firmware | >=05<=19 | |
| Mitsubishi Electric Melsec Iq-R00 Firmware | ||
| Mitsubishielectric Melsec Iq-r01 Firmware | >=05<=19 | |
| Mitsubishielectric Melsec Iq-r01 Firmware | ||
| Mitsubishi Electric Melsec IQ-R02 Firmware | >=05<=19 | |
| Mitsubishi Electric Melsec IQ-R02 Firmware | ||
| Mitsubishielectric Melsec Iq-r04 Firmware | >=35<=51 | |
| Mitsubishi Electric Melsec IQ-R04 | ||
| Mitsubishielectric Melsec Iq-r16 Firmware | >=35<=51 | |
| Mitsubishielectric Melsec Iq-r16 Firmware | ||
| Mitsubishi Electric Melsec iQ-R08 Firmware | >=35<=51 | |
| Mitsubishi Electric Melsec IQ-R08 | ||
| Mitsubishielectric Melsec Iq-r32 Firmware | >=35<=51 | |
| Mitsubishi Electric Melsec IQ-R32 | ||
| Mitsubishi Electric Melsec IQ-R120 Firmware | >=35<=51 | |
| Mitsubishi Electric MELSEC iQ-R120 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-5666?
CVE-2020-5666 has a high-severity rating due to its potential for remote attackers to cause significant disruptions to CPU functionality.
How do I fix CVE-2020-5666?
To mitigate CVE-2020-5666, update the affected MELSEC iQ-R Series CPU Modules firmware to a version that is not vulnerable.
What types of devices are affected by CVE-2020-5666?
CVE-2020-5666 affects various MELSEC iQ-R CPU Modules including R00, R01, R02, R04, R08, R16, R32, and R120 with specific firmware versions.
Can CVE-2020-5666 be exploited remotely?
Yes, CVE-2020-5666 can be exploited remotely through specially crafted HTTP packets targeted at vulnerable devices.
What are the potential consequences of CVE-2020-5666 exploitation?
Exploitation of CVE-2020-5666 may lead to uncontrolled resource consumption, resulting in critical operational disruptions for affected CPU units.
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/description
- vendor/mitsubishielectric
- canonical/mitsubishi electric melsec iq-r00 firmware
- version/mitsubishi electric melsec iq-r00 firmware/05
- version/mitsubishi electric melsec iq-r00 firmware/19
- canonical/mitsubishielectric melsec iq-r01 firmware
- version/mitsubishielectric melsec iq-r01 firmware/05
- version/mitsubishielectric melsec iq-r01 firmware/19
- canonical/mitsubishi electric melsec iq-r02 firmware
- version/mitsubishi electric melsec iq-r02 firmware/05
- version/mitsubishi electric melsec iq-r02 firmware/19
- canonical/mitsubishielectric melsec iq-r04 firmware
- version/mitsubishielectric melsec iq-r04 firmware/35
- version/mitsubishielectric melsec iq-r04 firmware/51
- canonical/mitsubishi electric melsec iq-r04
- canonical/mitsubishielectric melsec iq-r16 firmware
- version/mitsubishielectric melsec iq-r16 firmware/35
- version/mitsubishielectric melsec iq-r16 firmware/51
- canonical/mitsubishi electric melsec iq-r08 firmware
- version/mitsubishi electric melsec iq-r08 firmware/35
- version/mitsubishi electric melsec iq-r08 firmware/51
- canonical/mitsubishi electric melsec iq-r08
- canonical/mitsubishielectric melsec iq-r32 firmware
- version/mitsubishielectric melsec iq-r32 firmware/35
- version/mitsubishielectric melsec iq-r32 firmware/51
- canonical/mitsubishi electric melsec iq-r32
- canonical/mitsubishi electric melsec iq-r120 firmware
- version/mitsubishi electric melsec iq-r120 firmware/35
- version/mitsubishi electric melsec iq-r120 firmware/51
- canonical/mitsubishi electric melsec iq-r120