CVE-2021-20596: Null Pointer Dereference
First published: Thu Jul 22 2021(Updated: )
NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Fx3u-enet-l Firmware | <=1.14 | |
| Mitsubishielectric Fx3u-enet-p502 Firmware | <=1.14 | |
| Mitsubishielectric Fx3u-enet Firmware | <=1.14 | |
| Mitsubishi Electric FX3U-ENET: Firmware Version 1.14 and prior | ||
| Mitsubishi Electric FX3U-ENET-L: Firmware Version 1.14 and prior | ||
| Mitsubishi Electric FX3U-ENET-P502: Firmware Version 1.14 and prior |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-20596?
CVE-2021-20596 is a vulnerability that allows a remote unauthenticated attacker to cause a Denial of Service (DoS) condition in communication by sending a specially crafted packet.
How does CVE-2021-20596 impact the affected software?
CVE-2021-20596 impacts MELSEC-F Series FX3U-ENET firmware versions 1.14 and prior, FX3U-ENET-L firmware versions 1.14 and prior, and FX3U-ENET-P502 firmware versions 1.14 and prior.
What is the severity of CVE-2021-20596?
CVE-2021-20596 has a severity rating of 7.5 (High).
How can I fix CVE-2021-20596?
To fix CVE-2021-20596, users should update the affected software to a version that is not vulnerable.
Where can I find more information about CVE-2021-20596?
More information about CVE-2021-20596 can be found at the following references: [JVN](https://jvn.jp/vu/JVNVU94348759/index.html), [US-CERT](https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01), [Mitsubishi Electric PSIRT](https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf).
- collector/nvd-index
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mitsubishielectric
- canonical/mitsubishielectric fx3u-enet-l firmware
- version/mitsubishielectric fx3u-enet-l firmware/1.14
- canonical/mitsubishielectric fx3u-enet-p502 firmware
- version/mitsubishielectric fx3u-enet-p502 firmware/1.14
- canonical/mitsubishielectric fx3u-enet firmware
- version/mitsubishielectric fx3u-enet firmware/1.14
- vendor/mitsubishi electric
- canonical/mitsubishi electric fx3u-enet: firmware version 1.14 and prior
- canonical/mitsubishi electric fx3u-enet-l: firmware version 1.14 and prior
- canonical/mitsubishi electric fx3u-enet-p502: firmware version 1.14 and prior