First published: Fri Jun 11 2021(Updated: )
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Mitsubishielectric R00cpu Firmware | ||
Mitsubishielectric R00cpu | ||
Mitsubishielectric R01cpu Firmware | ||
Mitsubishielectric R01cpu | ||
Mitsubishielectric R02cpu Firmware | ||
Mitsubishielectric R02cpu | ||
Mitsubishielectric R04cpu Firmware | ||
Mitsubishielectric R04cpu | ||
Mitsubishielectric R08cpu Firmware | ||
Mitsubishielectric R08cpu | ||
Mitsubishielectric R16cpu Firmware | ||
Mitsubishielectric R16cpu | ||
Mitsubishielectric R32cpu Firmware | ||
Mitsubishielectric R32cpu | ||
Mitsubishielectric R120cpu Firmware | ||
Mitsubishielectric R120cpu | ||
Mitsubishielectric R08sfcpu Firmware | ||
Mitsubishielectric R08sfcpu | ||
Mitsubishielectric R16sfcpu Firmware | ||
Mitsubishielectric R16sfcpu | ||
Mitsubishielectric R32sfcpu Firmware | ||
Mitsubishielectric R32sfcpu | ||
Mitsubishielectric R120sfcpu Firmware | ||
Mitsubishielectric R120sfcpu | ||
Mitsubishielectric R08pcpu Firmware | ||
Mitsubishielectric R08pcpu | ||
Mitsubishielectric R16pcpu Firmware | ||
Mitsubishielectric R16pcpu | ||
Mitsubishielectric R32pcpu Firmware | ||
Mitsubishielectric R32pcpu | ||
Mitsubishielectric R120pcpu Firmware | ||
Mitsubishielectric R120pcpu | ||
Mitsubishielectric R08psfcpu Firmware | ||
Mitsubishielectric R08psfcpu | ||
Mitsubishielectric R16psfcpu Firmware | ||
Mitsubishielectric R16psfcpu | ||
Mitsubishielectric R32psfcpu Firmware | ||
Mitsubishielectric R32psfcpu | ||
Mitsubishielectric R120psfcpu Firmware | ||
Mitsubishielectric R120psfcpu |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-20591 is a vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules that allows a remote unauthenticated attacker to cause uncontrolled resource consumption.
The severity of CVE-2021-20591 is high with a CVSS score of 7.5.
The vulnerability affects all versions of Mitsubishi Electric MELSEC iQ-R series CPU modules, including R00/01/02CPU, R04/08/16/32/120(EN)CPU, R08/16/32/120SFCPU, R08/16/32/120PCPU, and R08/16/32/120PSFCPU.
An attacker can exploit CVE-2021-20591 remotely and without authentication to cause uncontrolled resource consumption.
Yes, Mitsubishi Electric has released a patch to address the vulnerability. Please refer to the official advisory for further instructions.