7.8

CVE-2021-20586

First published: Fri Jan 29 2021

Resource management errors vulnerability in a robot controller of MELFA FR Series (controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series (controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA (controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.

Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Affected Software | Affected Version | How to fix
Mitsubishielectric Rv2fr Firmware
Mitsubishielectric Rv2fr
Mitsubishielectric Rv2frl Firmware
Mitsubishielectric Rv2frl
Mitsubishielectric Rv4fr Firmware
Mitsubishielectric Rv4fr
Mitsubishielectric Rv4frl Firmware
Mitsubishielectric Rv4frl
Mitsubishielectric Rv7fr Firmware
Mitsubishielectric Rv7fr
Mitsubishielectric Rv7frl Firmware
Mitsubishielectric Rv7frl
Mitsubishielectric Rv7frll Firmware
Mitsubishielectric Rv7frll
Mitsubishielectric Rv13fr Firmware
Mitsubishielectric Rv13fr
Mitsubishielectric Rv13frl Firmware
Mitsubishielectric Rv13frl
Mitsubishielectric Rv20fr Firmware
Mitsubishielectric Rv20fr
Mitsubishielectric Rh1frhr Firmware
Mitsubishielectric Rh1frhr
Mitsubishielectric Rh3frhr Firmware
Mitsubishielectric Rh3frhr
Mitsubishielectric Rh3frh35 Firmware
Mitsubishielectric Rh3frh35
Mitsubishielectric Rh3frh45 Firmware
Mitsubishielectric Rh3frh45
Mitsubishielectric Rh3frh55 Firmware
Mitsubishielectric Rh3frh55
Mitsubishielectric Rh6frh35 Firmware
Mitsubishielectric Rh6frh35
Mitsubishielectric Rh6frh45 Firmware
Mitsubishielectric Rh6frh45
Mitsubishielectric Rh6frh55 Firmware
Mitsubishielectric Rh6frh55
Mitsubishielectric Rh12frh55 Firmware
Mitsubishielectric Rh12frh55
Mitsubishielectric Rh12rfh70 Firmware
Mitsubishielectric Rh12rfh70
Mitsubishielectric Rh12frh85 Firmware
Mitsubishielectric Rh12frh85
Mitsubishielectric Rh20frh85 Firmware
Mitsubishielectric Rh20frh85
Mitsubishielectric Rh20frh100 Firmware
Mitsubishielectric Rh20frh100
Mitsubishielectric Rv2fr(b) Firmware
Mitsubishielectric Rv2fr(b)
Mitsubishielectric Rv2frl(b) Firmware
Mitsubishielectric Rv2frl(b)
Mitsubishielectric Rv4frm/c Firmware
Mitsubishielectric Rv4frm/c
Mitsubishielectric Rv4frlm/c Firmware
Mitsubishielectric Rv4frlm/c
Mitsubishielectric Rv7frm/c Firmware
Mitsubishielectric Rv7frm/c
Mitsubishielectric Rv7frlm/c Firmware
Mitsubishielectric Rv7frlm/c
Mitsubishielectric Rv7frllm/c Firmware
Mitsubishielectric Rv7frllm/c
Mitsubishielectric Rv13frm/c Firmware
Mitsubishielectric Rv13frm/c
Mitsubishielectric Rv13frlm/c Firmware
Mitsubishielectric Rv13frlm/c
Mitsubishielectric Rv20frm/c Firmware
Mitsubishielectric Rv20frm/c

Frequently Asked Questions

  • What is the severity of CVE-2021-20586?

    CVE-2021-20586 is assessed as a medium severity vulnerability due to potential impacts on resource management.

  • How do I fix CVE-2021-20586?

    To fix CVE-2021-20586, update the affected Mitsubishi Electric robot controller firmware to the latest version as recommended by the vendor.

  • What products are affected by CVE-2021-20586?

    CVE-2021-20586 affects several models within the MELFA FR Series, including controllers CR800-*V*D and CR800-*HD.

  • Can CVE-2021-20586 be exploited remotely?

    CVE-2021-20586 may allow an attacker to exploit the vulnerability if proper access controls are not enforced.

  • Is there a workaround for CVE-2021-20586?

    There is no known workaround for CVE-2021-20586; the only mitigation is to update to the latest firmware.
