CVE-2021-20591

CVSS V2 High 7.8 CVSS V3 High 7.5
Description
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.
Overview
  • CVE ID
  • CVE-2021-20591
  • Assigner
  • Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2021-06-11T16:15:08
  • Last Modified Date
  • 2021-06-22T20:05:11
Weakness Enumerations
CWE URL
CWE-400 http://cwe.mitre.org/data/definitions/400.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:mitsubishielectric:r00cpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r00cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r01cpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r01cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r02cpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r02cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r04cpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r04cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r08cpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r08cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r16cpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r16cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r32cpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r32cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r120cpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r120cpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r08pcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r08pcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r16pcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r16pcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r32pcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r32pcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r120pcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r120pcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:N/I:N/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.8
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 7.5
  • Base Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-003_en.pdf Vendor Advisory
https://jvn.jp/vu/JVNVU98060539/index.html Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2021-20591
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20591
History
Created Old Value New Value Data Type Notes
2022-05-10 07:10:21 Added to TrackCVE
2022-12-05 04:15:39 2021-06-11T16:15Z 2021-06-11T16:15:08 CVE Published Date updated
2022-12-05 04:15:39 2021-06-22T20:05:11 CVE Modified Date updated
2022-12-05 04:15:39 Analyzed Vulnerability Status updated