Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-20609

Summary
Assigner-Mitsubishi
Assigner Org ID-e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At-01 Dec, 2021 | 15:41
Updated At-03 Aug, 2024 | 17:45
Rejected At-
Credits

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Mitsubishi
Assigner Org ID:e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At:01 Dec, 2021 | 15:41
Updated At:03 Aug, 2024 | 17:45
Rejected At:
▼CVE Numbering Authority (CNA)

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Affected Products
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R00CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "24" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R01CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "24" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R02CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "24" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R04CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R04ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "26" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "26" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "26" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "26" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08PCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16PCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32PCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120PCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16MTCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "23" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32MTCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "23" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R64MTCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "23" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R12CCPU-V
Default Status
unaffected
Versions
Affected
  • Firmware versions "16" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q03UDECPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q04UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q06UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q10UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q13UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q20UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q26UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q50UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q100UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q03UDVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q04UDVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q06UDVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q13UDVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q26UDVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q04UDPVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q06UDPVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q13UDPVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q26UDPVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q12DCCPU-V
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "24031" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q24DHCCPU-V
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "24031" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q24DHCCPU-VG
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "24031" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q24DHCCPU-LS
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "24031" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q26DHCCPU-LS
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "24031" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series MR-MQ100
Default Status
unaffected
Versions
Affected
  • Operating system software version "F" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q172DCPU-S1
Default Status
unaffected
Versions
Affected
  • Operating system software version "W" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q173DCPU-S1
Default Status
unaffected
Versions
Affected
  • Operating system software version "W" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q172DSCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "Y" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q173DSCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "Y" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q170MCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "W" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q170MSCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "Y" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q170MSCPU-S1
Default Status
unaffected
Versions
Affected
  • Operating system software version "Y" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L02CPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L06CPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L26CPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L02CPU-P
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L06CPU-P
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L26CPU-P
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L26CPU-BT
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L26CPU-PBT
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELIPC Series MI5122-VW
Default Status
unaffected
Versions
Affected
  • Firmware versions "05" and prior
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/ADenial of Service
CAPEC ID: N/A
Description: Denial of Service
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
vendor-advisory
https://jvn.jp/vu/JVNVU94434051/index.html
government-resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
government-resource
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
Resource:
vendor-advisory
Hyperlink: https://jvn.jp/vu/JVNVU94434051/index.html
Resource:
government-resource
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Resource:
government-resource
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
vendor-advisory
x_transferred
https://jvn.jp/vu/JVNVU94434051/index.html
government-resource
x_transferred
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
government-resource
x_transferred
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
Resource:
vendor-advisory
x_transferred
Hyperlink: https://jvn.jp/vu/JVNVU94434051/index.html
Resource:
government-resource
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Resource:
government-resource
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Published At:01 Dec, 2021 | 16:15
Updated At:09 Nov, 2023 | 09:15

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches

Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r00_cpu_firmware>>Versions up to 24(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r00_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r00_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r01_cpu_firmware>>Versions up to 24(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r01_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r01_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r01_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r02_cpu_firmware>>Versions up to 24(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r02_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r02_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r02_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_cpu_firmware>>Versions up to 57(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_cpu_firmware>>Versions up to 57(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_cpu_firmware>>Versions up to 57(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_cpu_firmware>>Versions up to 57(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_cpu_firmware>>Versions up to 57(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_pcpu_firmware>>Versions up to 29(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_pcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_pcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_pcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_pcpu_firmware>>Versions up to 29(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_pcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_pcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_pcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_pcpu_firmware>>Versions up to 29(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_pcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_pcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_pcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_pcpu_firmware>>Versions up to 29(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_pcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_pcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_pcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_pcpu_firmware>>Versions up to 29(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_pcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_pcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_pcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_mtcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_mtcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_mtcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_mtcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_mtcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_mtcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_mtcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_mtcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r64_mtcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r64_mtcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r64_mtcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r64_mtcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r12_ccpu-v_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r12_ccpu-v_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r12_ccpu-v>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r12_ccpu-v:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q03udecpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_q03udecpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q03udecpu>>-
cpe:2.3:h:mitsubishi:melsec_q03udecpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q04udecpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_q04udecpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q04udecpu>>-
cpe:2.3:h:mitsubishi:melsec_q04udecpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q06udecpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_q06udecpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q06udecpu>>-
cpe:2.3:h:mitsubishi:melsec_q06udecpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q10udecpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_q10udecpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q10udecpu>>-
cpe:2.3:h:mitsubishi:melsec_q10udecpu:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE-400SecondaryMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-400
Type: Secondary
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://jvn.jp/vu/JVNVU94434051/index.htmlMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdfMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Vendor Advisory
Hyperlink: https://jvn.jp/vu/JVNVU94434051/index.html
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Third Party Advisory
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1441Records found

CVE-2020-5666
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-8.40% / 94.31%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 00:49
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-r02_firmwaremelsec_iq-r32melsec_iq-r04melsec_iq-r01melsec_iq-r16melsec_iq-r32_firmwaremelsec_iq-r00melsec_iq-r01_firmwaremelsec_iq-r04_firmwaremelsec_iq-r16_firmwaremelsec_iq-r08_firmwaremelsec_iq-r00_firmwaremelsec_iq-r08melsec_iq-r120_firmwaremelsec_iq-r02melsec_iq-r120MELSEC iQ-R Series CPU Modules
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5652
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-3.53% / 87.84%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_l02cpu-pmelsec_l26cpu-pmelsec_q-q170mscpu-s1_firmwaremelsec_iq-r01cpu_firmwaremelsec_iq-r120psfcpumelsec_q-q26udvcpu_firmwaremelsec_iq-r32pcpumelsec_iq-r32mtcpumelsec_q-q172dscpu_firmwaremelsec_iq-r08sfcpu_firmwaremelsec_q-q04udehcpumelsec_q-q20udehcpumelsec_q-q04udvcpu_firmwaremelsec_q-q03udvcpumelsec_q-q04udpvcpumelsec_iq-r00cpumelsec_iq-r32encpumelsec_q-q173dcpu-s1_firmwaremelsec_iq-r32encpu_firmwaremelsec_q-q26udvcpumelsec_q-q50udehcpu_firmwaremelsec_iq-r120encpumelsec_iq-r16sfcpumelsec_iq-r16encpumelsec_q-q03udecpu_firmwaremelsec_q-q26udpvcpu_firmwaremelsec_iq-r16pcpumelsec_q-q172dscpumelsec_q-q06udehcpumelsec_q-q26udehcpumelsec_iq-r16psfcpumelsec_q-q173dscpumelsec_q-q20udehcpu_firmwaremelsec_iq-r08pcpu_firmwaremelsec_q-q170mcpumelsec_iq-r32psfcpumelsec_l06cpu-p_firmwaremelsec_iq-r32mtcpu_firmwaremelsec_q-q13udpvcpumelsec_iq-r02cpumelsec_iq-r01cpumelsec_iq-r32sfcpumelsec_iq-r16sfcpu_firmwaremelsec_iq-r120pcpumelsec_l26cpu-p_firmwaremelsec_iq-r120encpu_firmwaremelsec_q-q04udvcpumelsec_q-q13udpvcpu_firmwaremelsec_q-q03udvcpu_firmwaremelsec_iq-r08sfcpumelsec_iq-r08psfcpu_firmwaremelsec_q-q04udpvcpu_firmwaremelsec_l06cpu-pmelsec_q-q03udecpumelsec_iq-r16mtcpumelsec_q-q06udpvcpumelsec_iq-r32pcpu_firmwaremelsec_iq-r16encpu_firmwaremelsec_q-q172dcpu-s1melsec_q-q100udehcpumelsec_iq-r04encpumelsec_q-q100udehcpu_firmwaremelsec_iq-r64mtcpu_firmwaremelsec_iq-r32psfcpu_firmwaremelsec_q-q10udehcpu_firmwaremelsec_q-q170mcpu_firmwaremelsec_q-q04udehcpu_firmwaremelsec_iq-r04encpu_firmwaremelsec_q-q50udehcpumelsec_iq-r08pcpumelsec_l02cpu-p_firmwaremelsec_q-qmr-mq100_firmwaremelsec_iq-r08encpu_firmwaremelsec_iq-r120pcpu_firmwaremelsec_q-q173dcpu-s1melsec_q-q172dcpu-s1_firmwaremelsec_l26cpu-pbtmelsec_iq-r120psfcpu_firmwaremelsec_iq-r00cpu_firmwaremelsec_q-q170mscpu-s1melsec_iq-r64mtcpumelsec_q-q13udvcpumelsec_iq-r08encpumelsec_q-q173dscpu_firmwaremelsec_iq-r16mtcpu_firmwaremelsec_iq-r16pcpu_firmwaremelsec_q-q10udehcpumelsec_iq-r120sfcpumelsec_iq-r120sfcpu_firmwaremelsec_q-q13udehcpu_firmwaremelsec_l26cpu-pbt_firmwaremelsec_q-q13udvcpu_firmwaremelsec_iq-r32sfcpu_firmwaremelsec_q-qmr-mq100melsec_q-q26udpvcpumelsec_q-q06udpvcpu_firmwaremelsec_q-q06udehcpu_firmwaremelsec_q-q26udehcpu_firmwaremelsec_q-q13udehcpumelsec_iq-r02cpu_firmwaremelsec_iq-r16psfcpu_firmwaremelsec_iq-r08psfcpuMELSEC iQ-R, Q and L series
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5668
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-4.73% / 90.76%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 03:30
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, and RJ71GN11-T2 firmware version '11' and earlier) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the unit by receiving a specially crafted SLMP packet

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-r08sfcpur04cpu_firmwarerj71gp21-sx_firmwarer120psfcpu_firmwarer16sfcpu_firmwarerj71gp21s-sx_firmwarerj72gf15-t2_firmwarer04cpur32pcpur08cpur16psfcpurj71gf11-t2_firmwarer08pcpurj71gp21-sxrj71c24-r4_firmwarerj71en71_firmwarerj71c24-r2r00cpu_firmwarer08pcpu_firmwarer02cpu_firmwarerj71gn11-t2r16sfcpur16cpu_firmwarer16pcpurj71gf11-t2r120cpu_firmwarer32cpu_firmwarer00cpur120psfcpur08sfcpu_firmwarer32psfcpu_firmwarer16psfcpu_firmwarerj71en71r120cpur32sfcpu_firmwarer32sfcpurj72gf15-t2r01cpur32pcpu_firmwarer01cpu_firmwarer08psfcpu_firmwarer08psfcpurj71c24-r2_firmwarer16cpur08cpu_firmwarerj71gn11-t2_firmwarer16pcpu_firmwarer02cpurj71gp21s-sxr120pcpu_firmwarerj71c24-r4r120sfcpur32psfcpur120sfcpu_firmwarer32cpur120pcpuMELSEC iQ-R
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5603
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.65%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 10:20
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsoft_fielddeviceconfiguratorm_commdtm-hartgx_works3melfa-worksmelsoft_iq_appportalgt_designer3gx_logviewermt_works2motion_control_settingcw_configuratormelsec-l_flexible_high-speed_i\/o_control_module_configuration_toolcpu_module_logging_configuration_toolmelsoft_navigatorgx_works2m_commdtm-io-linkmr_configurator2mi_configuratorrt_toolbox2em_configuratorrt_toolbox3Mitsubishi Electoric FA Engineering Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5527
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.65%
||
7 Day CHG~0.00%
Published-30 Mar, 2020 | 07:10
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-l06cpu_firmwarel02scpu-p_firmwarer04cpu_firmwarel26cpu-pq172dscpu_firmwareq25prhcpu_firmwareq26dhccpu-lsl26cpu-btl26cpu-pbt_firmwareq12prhcpufx3ur04cpul02cpufx5uj_firmwarefx3sq12phcpuq02phcpu_firmwarefx5uq24dhccpu-vr02cpu_firmwarel06cpu-pr16cpu_firmwarer120cpu_firmwarefx3gc_firmwarer32cpu_firmwarefx5ujr00cpul02cpu-pfx3u_firmwarer16encpu_firmwareq24dhccpu-vg2l02cpu_firmwarecr800-q_firmwarer04encpuq173dscpu_firmwarer16cpufx3s_firmwareq26dhccpu-ls_firmwarer08encpufx5u_firmwareq12dccpu-vq12phcpu_firmwareq24dhccpu-lsq06phcpu_firmwarer32cpufx3gq25phcpu_firmwarer120encpur08cpul26cpu-p_firmwareq24dhccpu-vg2_firmwarefx5ucr00cpu_firmwarer16encpul26cpul02scpuq24dhccpu-v_firmwarer32encpu_firmwareq173dscpufx3uc_firmwareq25prhcpuq173nccpu_firmwarel06cpu-p_firmwarer08encpu_firmwareq25phcpuq12prhcpu_firmwarefx5uc_firmwarefx3gcr32encpul26cpu-pbtr120cpucr800-qr01cpur04encpu_firmwareq02phcpur01cpu_firmwareq172dscpul02scpu-pr08cpu_firmwarer120encpu_firmwarel02scpu_firmwareq24dhccpu-ls_firmwarer02cpufx3ucl02cpu-p_firmwareq06phcpul26cpu-bt_firmwarel26cpu_firmwarel06cpufx3g_firmwareq173nccpuq12dccpu-v_firmwareMELSOFT transmission port (UDP/IP) of multiple Mitsubishi Electric MELSEC series
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-40265
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.6||HIGH
EPSS-0.94% / 56.43%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 00:04
Updated-24 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-rj71en71_firmwarer08encpur16encpu_firmwarerj71en71r16encpur32encpur32encpu_firmwarer04encpu_firmwarer04encpur120encpur08encpu_firmwarer120encpu_firmwareMELSEC iQ-R Series R04/08/16/32/120ENCPUMELSEC iQ-R Series RJ71EN71
CWE ID-CWE-20
Improper Input Validation
CVE-2026-1876
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.7||HIGH
EPSS-0.43% / 34.30%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 07:03
Updated-30 Apr, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series Ethernet module

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-f_fx5-enet\/ip_firmwaremelsec_iq-f_fx5-enet\/ipMELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-1875
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.7||HIGH
EPSS-0.43% / 34.30%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 06:54
Updated-30 Apr, 2026 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series EtherNet/IP module

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-f_fx5-eip_firmwaremelsec_iq-f_fx5-eipMELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-1874
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.7||HIGH
EPSS-0.42% / 33.89%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 06:46
Updated-04 May, 2026 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series EtherNet/IP module and Ethernet module

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-f_fx5-eip_firmwaremelsec_iq-f_fx5-enet\/ip_firmwaremelsec_iq-f_fx5-eipmelsec_iq-f_fx5-enet\/ipMELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIPMELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2024-8403
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 46.91%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 05:57
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service Vulnerability in Ethernet port on MELSEC iQ-F Ethernet Module and EtherNet/IP Module

Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 to 1.200 and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-MELSEC iQ-F Series FX5-ENETMELSEC iQ-F Series FX5-ENET/IPmelsec_iq-f_series_fx5-enet_ipmelsec_iq-f_series_fx5-enet
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2022-33324
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-1.67% / 73.97%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 02:24
Updated-05 Sep, 2024 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-l_l04_hcpu_firmwaremelsec_iq-l_l32_hcpumelsec_iq-r_r04_sfcpu_firmwaremelsec_iq-r_r08_cpu_firmwaremelsec_iq-r_r16_cpumelsec_iq-r_r08_sfcpu_firmwaremelsec_iq-r_r04_sfcpumelsec_iq-r_r08_sfcpumelsec_iq-r_r16_cpu_firmwaremelsec_iq-r_r32_cpumelsec_iq-r_r32_sfcpu_firmwaremelsec_iq-l_l32_hcpu_firmwaremelsec_iq-r_r32_sfcpumelipc_mi5122-vwmelsec_iq-l_l16_hcpu_firmwaremelsec_iq-r_r120_sfcpu_firmwaremelsec_iq-r_r02_cpumelipc_mi5122-vw_firmwaremelsec_iq-r_r01_cpu_firmwaremelsec_iq-r_r12_ccpu-vmelsec_iq-r_r12_ccpu-v_firmwaremelsec_iq-r_r120_sfcpumelsec_iq-r_r04_cpumelsec_iq-r_r00_cpumelsec_iq-r_r08_cpumelsec_iq-r_r04_cpu_firmwaremelsec_iq-r_r16_sfcpumelsec_iq-l_l08_hcpumelsec_iq-r_r00_cpu_firmwaremelsec_iq-r_r120_cpumelsec_iq-l_l08_hcpu_firmwaremelsec_iq-r_r16_sfcpu_firmwaremelsec_iq-r_r32_cpu_firmwaremelsec_iq-l_l16_hcpumelsec_iq-r_r01_cpumelsec_iq-l_l04_hcpumelsec_iq-r_r02_cpu_firmwaremelsec_iq-r_r120_cpu_firmwareMELSEC iQ-R Series R08PSFCPUMELSEC iQ-R Series R08ENCPUMELSEC iQ-R Series R16SFCPUMELSEC iQ-R Series R32CPUMELSEC iQ-L Series L32HCPUMELSEC iQ-R Series R16CPUMELSEC iQ-R Series R120PSFCPUMELSEC iQ-L Series L04HCPUMELSEC iQ-R Series R32ENCPUMELSEC iQ-R Series R120CPUMELSEC iQ-R Series R16PSFCPUMELSEC iQ-R Series R02CPUMELSEC iQ-R Series R16ENCPUMELSEC iQ-R Series R32PSFCPUMELSEC iQ-R Series R04ENCPUMELSEC iQ-R Series R04CPUMELSEC iQ-L Series L08HCPUMELSEC iQ-R Series R01CPUMELSEC iQ-R Series R120SFCPUMELIPC Series MI5122-VWMELSEC iQ-R Series R08SFCPUMELSEC iQ-R Series R08CPUMELSEC iQ-L Series L16HCPUMELSEC iQ-R Series R32SFCPUMELSEC iQ-R Series R120ENCPUMELSEC iQ-R Series R12CCPU-VMELSEC iQ-R Series R00CPU
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2020-5645
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-3.83% / 88.81%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 02:06
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gt1450-qmbdegt1455-qtbdecoreosgt1450-qlbdegt1450hs-qmbdegt1455hs-qtbdeGT14 Model of GOT 1000 series
CWE ID-CWE-384
Session Fixation
CVE-2025-3511
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.31%
||
7 Day CHG~0.00%
Published-25 Apr, 2025 | 05:14
Updated-24 Apr, 2026 | 07:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Series CC-Link IE TSN Master/Local Module, MELSEC iQ-R Series Ethernet Interface Module, CC-Link IE TSN Master/Local Station Communication LSI CP610, MELSEC iQ-F Series FX5 CC-Link IE TSN Master/Local Module, MELSEC iQ-F Series FX5 Ethernet Module, and MELSEC iQ-F Series FX5-ENET/IP Ethernet Module allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-CC-Link IE TSN Remote I/O module NZ2GN2B1-32DCC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-300MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IPCC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-60CC-Link IE TSN Remote I/O module NZ2GN2S1-32DTMELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-SXCC-Link IE TSN Remote I/O module NZ2GNCE3-32DCC-Link IE TSN Remote I/O module NZ2GN2B1-32TECC-Link IE TSN Analog-Digital Converter module NZ2GN2B-60AD4CC-Link IE TSN Digital-Analog Converter module NZ2GN2S-60DA4CC-Link IE TSN Remote I/O module NZ2GN2B1-32DTMELSEC iQ-R Series Ethernet Interface Module RJ71EN71CC-Link IE TSN Remote I/O module NZ2GN2B1-16TECC-Link IE TSN Remote I/O module NZ2GNCF1-32DCC-Link IE TSN Remote I/O module NZ2GN12A2-16TECC-Link IE TSN Remote I/O module NZ2GN2S1-16TECC-Link IE TSN FPGA module NZ2GN2S-D41PD02CC-Link IE TSN Remote I/O module NZ2GN2B1-32DTECC-Link IE TSN Remote I/O module NZ2GNCF1-32TCC-Link IE TSN Remote I/O module NZ2GN2S1-32TCC-Link IE TSN Remote I/O module NZ2GN2S1-32DCC-Link IE TSN Remote I/O module NZ2GN2B1-32TCC-Link IE TSN Remote I/O module NZ2GN2S1-16DMELSEC iQ-F Series FX5 CC-Link IE TSN Master/Local Module FX5-CCLGN-MSCC-Link IE TSN Analog-Digital Converter module NZ2GN2S-60AD4MELSEC iQ-F Series FX5 Ethernet Module FX5-ENETCC-Link IE TSN Remote I/O module NZ2GN2S1-32DTEMELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-EIPCC-Link IE TSN Remote I/O module NZ2GN12A4-16DECC-Link IE TSN Remote I/O module NZ2GN2S1-32TECC-Link IE TSN Remote I/O module NZ2GN2B1-16TCC-Link IE TSN FPGA module NZ2GN2S-D41D01CC-Link IE TSN Remote I/O module NZ2GN2S1-16TCC-Link IE TSN Remote I/O module NZ2GN12A42-16DTECC-Link IE TSN Remote I/O module NZ2GN12A42-16DTCC-Link IE TSN FPGA module NZ2GN2S-D41P01MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-T2CC-Link IE TSN Remote I/O module NZ2GN2B1-16DCC-Link IE TSN Master/Local Station Communication LSI CP610 NZ2GACP610-60CC-Link IE TSN Remote I/O module NZ2GN12A2-16TCC-Link IE TSN Remote I/O module NZ2GN12A4-16DCC-Link IE TSN Digital-Analog Converter module NZ2GN2B-60DA4CC-Link IE TSN Master/Local Station Communication LSI CP610 NZ2KT-NPETNG51CC-Link IE TSN Remote I/O module NZ2GNCE3-32DT
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2021-20611
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-2.99% / 85.67%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 15:41
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_q03udvcpumelsec_iq-r_r16_cpumelsec_q03udecpumelsec_q173dcpu-s1_firmwaremelsec_iq-r_r08_sfcpu_firmwaremelsec_q03udvcpu_firmwaremelsec_iq-r_r08_pcpu_firmwaremelsec_iq-r_r16_cpu_firmwaremelsec_q170mscpu\(-s1\)melsec_iq-r_r32_pcpu_firmwaremelsec_iq-r_r08_pcpumelsec_q10udecpumelsec_l06cpu\(-p\)_firmwaremelsec_iq-r_r32_sfcpumelipc_mi5122-vwmelsec_iq-r_r32_mtcpu_firmwaremelsec_iq-r_r32_mtcpumelsec_q26udvcpumelsec_q172dscpu_firmwaremelsec_q172dcpu-s1melsec_q26dhccpu-lsmelsec_iq-r_r120_sfcpu_firmwaremelsec_iq-r_r02_cpumelipc_mi5122-vw_firmwaremelsec_iq-r_r01_cpu_firmwaremelsec_iq-r_r64_mtcpu_firmwaremelsec_q06udvcpu_firmwaremelsec_l26cpu\(-p\)melsec_q06udecpu_firmwaremelsec_iq-r_r16_pcpu_firmwaremelsec_q170mcpumelsec_iq-r_r16_mtcpumelsec_q06udecpumelsec_q13udpvcpu_firmwaremelsec_iq-r_r08_cpumelsec_iq-r_r04_cpu_firmwaremelsec_iq-r_r00_cpu_firmwaremelsec_q13udvcpumelsec_q170mcpu_firmwaremelsec_q04udvcpu_firmwaremelsec_q04udpvcpumelsec_q13udecpumelsec_iq-r_r16_sfcpu_firmwaremelsec_q06udvcpumelsec_q173dcpu-s1melsec_q100udecpu_firmwaremelsec_q10udecpu_firmwaremelsec_q12dccpu-v_firmwaremelsec_iq-r_r01_cpumelsec_iq-r_r32_cpu_firmwaremelsec_iq-r_r16_mtcpu_firmwaremelsec_q170mscpu\(-s1\)_firmwaremelsec_iq-r_r02_cpu_firmwaremelsec_q24dhccpu-v\(g\)_firmwaremelsec_q13udecpu_firmwaremelsec_iq-r_r04_pcpumelsec_q26udvcpu_firmwaremelsec_q13udpvcpumelsec_mr-mq100melsec_iq-r_r120_pcpumelsec_q24dhccpu-ls_firmwaremelsec_iq-r_r08_cpu_firmwaremelsec_iq-r_r04_pcpu_firmwaremelsec_q26udpvcpu_firmwaremelsec_iq-r_r64_mtcpumelsec_q04udpvcpu_firmwaremelsec_iq-r_r08_sfcpumelsec_q172dscpumelsec_iq-r_r32_cpumelsec_l02cpu\(-p\)melsec_q26udecpumelsec_q06udpvcpumelsec_q20udecpu_firmwaremelsec_iq-r_r32_sfcpu_firmwaremelsec_q24dhccpu-v\(g\)melsec_l06cpu\(-p\)melsec_mr-mq100_firmwaremelsec_q04udecpumelsec_q13udvcpu_firmwaremelsec_l02cpu\(-p\)_firmwaremelsec_q100udecpumelsec_q06udpvcpu_firmwaremelsec_q172dcpu-s1_firmwaremelsec_q20udecpumelsec_iq-r_r16_pcpumelsec_iq-r_r12_ccpu-vmelsec_iq-r_r12_ccpu-v_firmwaremelsec_iq-r_r120_sfcpumelsec_q04udecpu_firmwaremelsec_iq-r_r04_cpumelsec_iq-r_r00_cpumelsec_l26cpu\(-p\)_firmwaremelsec_q173dscpu_firmwaremelsec_q50udecpu_firmwaremelsec_iq-r_r16_sfcpumelsec_q173dscpumelsec_iq-r_r32_pcpumelsec_iq-r_r120_cpumelsec_q12dccpu-vmelsec_l26cpu-\(p\)btmelsec_q26dhccpu-ls_firmwaremelsec_q04udvcpumelsec_q50udecpumelsec_q26udecpu_firmwaremelsec_q03udecpu_firmwaremelsec_q24dhccpu-lsmelsec_l26cpu-\(p\)bt_firmwaremelsec_iq-r_r120_cpu_firmwaremelsec_iq-r_r120_pcpu_firmwaremelsec_q26udpvcpuMELSEC Q Series Q100UDEHCPUMELSEC L Series L06CPU-PMELSEC iQ-R Series R120PSFCPUMELSEC iQ-R Series R16MTCPUMELSEC iQ-R Series R32PSFCPUMELSEC L Series L02CPU-PMELSEC iQ-R Series R04ENCPUMELSEC iQ-R Series R120PCPUMELSEC iQ-R Series R120SFCPUMELSEC iQ-R Series R16PCPUMELSEC iQ-R Series R32SFCPUMELSEC iQ-R Series R64MTCPUMELSEC Q Series Q24DHCCPU-V MELSEC Q Series Q173DCPU-S1MELSEC Q Series Q170MSCPUMELSEC Q Series Q50UDEHCPUMELSEC Q Series Q173DSCPUMELSEC iQ-R Series R08PSFCPUMELSEC iQ-R Series R16SFCPUMELSEC iQ-R Series R16CPUMELSEC L Series L06CPUMELSEC iQ-R Series R16PSFCPUMELSEC Q Series Q04UDPVCPUMELSEC iQ-R Series R04CPUMELSEC iQ-R Series R32MTCPUMELSEC iQ-R Series R32PCPUMELSEC iQ-R Series R01CPUMELSEC Q Series Q06UDEHCPUMELSEC Q Series Q13UDEHCPUMELSEC Q Series Q20UDEHCPUMELIPC Series MI5122-VWMELSEC iQ-R Series R08CPUMELSEC Q Series MR-MQ100MELSEC iQ-R Series R00CPUMELSEC iQ-R Series R08PCPUMELSEC Q Series Q06UDPVCPUMELSEC Q Series Q04UDVCPUMELSEC Q Series Q170MSCPU-S1MELSEC L Series L26CPU-BTMELSEC iQ-R Series R32CPUMELSEC Q Series Q24DHCCPU-LSMELSEC Q Series Q170MCPUMELSEC Q Series Q13UDVCPUMELSEC L Series L26CPUMELSEC Q Series Q26DHCCPU-LSMELSEC iQ-R Series R120CPUMELSEC iQ-R Series R02CPUMELSEC Q Series Q12DCCPU-VMELSEC Q Series Q26UDEHCPUMELSEC Q Series Q06UDVCPUMELSEC iQ-R Series R120ENCPUMELSEC Q Series Q172DSCPUMELSEC Q Series Q26UDVCPUMELSEC L Series L02CPUMELSEC Q Series Q03UDVCPUMELSEC iQ-R Series R08ENCPUMELSEC Q Series Q26UDPVCPUMELSEC L Series L26CPU-PBTMELSEC iQ-R Series R32ENCPUMELSEC iQ-R Series R16ENCPUMELSEC Q Series Q03UDECPUMELSEC Q Series Q172DCPU-S1MELSEC iQ-R Series R08SFCPUMELSEC L Series L26CPU-PMELSEC Q Series Q04UDEHCPUMELSEC iQ-R Series R12CCPU-VMELSEC Q Series Q13UDPVCPUMELSEC Q Series Q24DHCCPU-VGMELSEC Q Series Q10UDEHCPU
CWE ID-CWE-20
Improper Input Validation
CVE-2021-20587
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-3.66% / 88.28%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 19:55
Updated-13 Jun, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) versions 1.003D and prior, iQ Monozukuri Process Remote Monitoring (Data Transfer) versions 1.002C and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior, and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition on the software products, and possibly to execute a malicious code on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gx_remoteservice-ifr_configurator_sw3gt_softgot1000data_transfermelsoft_navigatormelsoft_em_software_development_kitiq_monozukuri_andonm_commdtm-io-linkgx_logviewergx_developermt_works2network_interface_board_mneth_utilitycw_configuratorezsocketiq_monozukuri_process_remote_monitoringgx_configurator-qpgx_iec_developergx_configurator-dpgt_softgot2000mh11_settingtool_version2fr_configuratorgt_designer3rt_toolbox3mi_configuratorslmp_data_collectorpx_developerrt_toolbox2setting\/monitoring_tools_for_the_c_controller_modulenetwork_interface_board_cc_ie_field_utilitynetwork_interface_board_cc_ie_control_utilitynetwork_interface_board_cc-linkgx_works2gx_explorerm_commdtm-hartcpu_module_logging_configuration_toolc_controller_module_setting_and_monitoring_toolfr_configurator2melfa-worksmelsec_wincpu_setting_utilitygx_works3mx_componentGX Configurator-QPCW ConfiguratorGT SoftGOT2000 Version1FR ConfiguratorM_CommDTM-HARTMELSOFT EM Software Development Kit (EM Configurator)GX ExplorerMELSEC WinCPU Setting UtilityRT ToolBox3M_CommDTM-IO-LinkGX Works3iQ Monozukuri Process Remote Monitoring (Data Transfer)Network Interface Board CC IE Control utilityNetwork Interface Board MNETH utilityGT SoftGOT1000 Version3FR Configurator2EZSocketMT Works2PX DeveloperNetwork Interface Board CC-Link Ver.2 UtilityMELSOFT NavigatorGX Configurator-DPMELFA-WorksSetting/monitoring tools for the C Controller module (SW4PVC-CCPU)Network Interface Board CC IE Field UtilityGT Designer3 Version1(GOT1000)GT Designer3 Version1(GOT2000)CPU Module Logging Configuration TooliQ Monozukuri ANDON (Data Transfer)GX IEC DeveloperGX DeveloperFR Configurator SW3SLMP Data CollectorGX Works2GX RemoteService-IData TransferRT ToolBox2MH11 SettingTool Version2MX ComponentMI ConfiguratorGX LogViewer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20589
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-1.48% / 70.71%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 10:28
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-gt_softgot2000_firmwaregt23_firmwaregt25gt21_firmwaregs21_firmwaregt25_firmwaregt27gs21gt27_firmwaregt23gt21gt_softgot2000GOT2000 series; GOT SIMPLE series; GT SoftGOT2000; Tension Controller
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-20588
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-5.86% / 92.30%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 19:58
Updated-13 Jun, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) versions 1.003D and prior, iQ Monozukuri Process Remote Monitoring (Data Transfer) versions 1.002C and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior, and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition on the software products, and possibly to execute a malicious code on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gx_remoteservice-ifr_configurator_sw3gt_softgot1000data_transfermelsoft_navigatormelsoft_em_software_development_kitiq_monozukuri_andonm_commdtm-io-linkgx_logviewergx_developermt_works2network_interface_board_mneth_utilitycw_configuratorezsocketiq_monozukuri_process_remote_monitoringgx_configurator-qpgx_iec_developergx_configurator-dpgt_softgot2000mh11_settingtool_version2fr_configuratorgt_designer3rt_toolbox3mi_configuratorslmp_data_collectorpx_developerrt_toolbox2setting\/monitoring_tools_for_the_c_controller_modulenetwork_interface_board_cc_ie_field_utilitynetwork_interface_board_cc_ie_control_utilitynetwork_interface_board_cc-linkgx_works2gx_explorerm_commdtm-hartcpu_module_logging_configuration_toolc_controller_module_setting_and_monitoring_toolfr_configurator2melfa-worksmelsec_wincpu_setting_utilitygx_works3mx_componentGX Configurator-QPCW ConfiguratorGT SoftGOT2000 Version1FR ConfiguratorM_CommDTM-HARTMELSOFT EM Software Development Kit (EM Configurator)GX ExplorerMELSEC WinCPU Setting UtilityRT ToolBox3M_CommDTM-IO-LinkGX Works3iQ Monozukuri Process Remote Monitoring (Data Transfer)Network Interface Board CC IE Control utilityNetwork Interface Board MNETH utilityGT SoftGOT1000 Version3FR Configurator2EZSocketMT Works2PX DeveloperNetwork Interface Board CC-Link Ver.2 UtilityMELSOFT NavigatorGX Configurator-DPMELFA-WorksSetting/monitoring tools for the C Controller module (SW4PVC-CCPU)Network Interface Board CC IE Field UtilityGT Designer3 Version1(GOT1000)GT Designer3 Version1(GOT2000)CPU Module Logging Configuration TooliQ Monozukuri ANDON (Data Transfer)GX IEC DeveloperGX DeveloperFR Configurator SW3SLMP Data CollectorGX Works2GX RemoteService-IData TransferRT ToolBox2MH11 SettingTool Version2MX ComponentMI ConfiguratorGX LogViewer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2021-20610
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-3.08% / 86.08%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 15:41
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_q03udvcpumelsec_iq-r_r16_cpumelsec_q03udecpumelsec_q173dcpu-s1_firmwaremelsec_iq-r_r08_sfcpu_firmwaremelsec_q03udvcpu_firmwaremelsec_iq-r_r08_pcpu_firmwaremelsec_iq-r_r16_cpu_firmwaremelsec_q170mscpu\(-s1\)melsec_iq-r_r32_pcpu_firmwaremelsec_iq-r_r08_pcpumelsec_q10udecpumelsec_l06cpu\(-p\)_firmwaremelsec_iq-r_r32_sfcpumelipc_mi5122-vwmelsec_iq-r_r32_mtcpu_firmwaremelsec_iq-r_r32_mtcpumelsec_q26udvcpumelsec_q172dscpu_firmwaremelsec_q172dcpu-s1melsec_q26dhccpu-lsmelsec_iq-r_r120_sfcpu_firmwaremelsec_iq-r_r02_cpumelipc_mi5122-vw_firmwaremelsec_iq-r_r01_cpu_firmwaremelsec_iq-r_r64_mtcpu_firmwaremelsec_q06udvcpu_firmwaremelsec_l26cpu\(-p\)melsec_q06udecpu_firmwaremelsec_iq-r_r16_pcpu_firmwaremelsec_q170mcpumelsec_iq-r_r16_mtcpumelsec_q06udecpumelsec_q13udpvcpu_firmwaremelsec_iq-r_r08_cpumelsec_iq-r_r04_cpu_firmwaremelsec_iq-r_r00_cpu_firmwaremelsec_q13udvcpumelsec_q170mcpu_firmwaremelsec_q04udvcpu_firmwaremelsec_q04udpvcpumelsec_q13udecpumelsec_iq-r_r16_sfcpu_firmwaremelsec_q06udvcpumelsec_q173dcpu-s1melsec_q100udecpu_firmwaremelsec_q10udecpu_firmwaremelsec_q12dccpu-v_firmwaremelsec_iq-r_r01_cpumelsec_iq-r_r32_cpu_firmwaremelsec_iq-r_r16_mtcpu_firmwaremelsec_q170mscpu\(-s1\)_firmwaremelsec_iq-r_r02_cpu_firmwaremelsec_q24dhccpu-v\(g\)_firmwaremelsec_q13udecpu_firmwaremelsec_iq-r_r04_pcpumelsec_q26udvcpu_firmwaremelsec_q13udpvcpumelsec_mr-mq100melsec_iq-r_r120_pcpumelsec_q24dhccpu-ls_firmwaremelsec_iq-r_r08_cpu_firmwaremelsec_iq-r_r04_pcpu_firmwaremelsec_q26udpvcpu_firmwaremelsec_iq-r_r64_mtcpumelsec_q04udpvcpu_firmwaremelsec_iq-r_r08_sfcpumelsec_q172dscpumelsec_iq-r_r32_cpumelsec_l02cpu\(-p\)melsec_q26udecpumelsec_q06udpvcpumelsec_q20udecpu_firmwaremelsec_iq-r_r32_sfcpu_firmwaremelsec_q24dhccpu-v\(g\)melsec_l06cpu\(-p\)melsec_mr-mq100_firmwaremelsec_q04udecpumelsec_q13udvcpu_firmwaremelsec_l02cpu\(-p\)_firmwaremelsec_q100udecpumelsec_q06udpvcpu_firmwaremelsec_q172dcpu-s1_firmwaremelsec_q20udecpumelsec_iq-r_r16_pcpumelsec_iq-r_r12_ccpu-vmelsec_iq-r_r12_ccpu-v_firmwaremelsec_iq-r_r120_sfcpumelsec_q04udecpu_firmwaremelsec_iq-r_r04_cpumelsec_iq-r_r00_cpumelsec_l26cpu\(-p\)_firmwaremelsec_q173dscpu_firmwaremelsec_q50udecpu_firmwaremelsec_iq-r_r16_sfcpumelsec_q173dscpumelsec_iq-r_r32_pcpumelsec_iq-r_r120_cpumelsec_q12dccpu-vmelsec_l26cpu-\(p\)btmelsec_q26dhccpu-ls_firmwaremelsec_q04udvcpumelsec_q50udecpumelsec_q26udecpu_firmwaremelsec_q03udecpu_firmwaremelsec_q24dhccpu-lsmelsec_l26cpu-\(p\)bt_firmwaremelsec_iq-r_r120_cpu_firmwaremelsec_iq-r_r120_pcpu_firmwaremelsec_q26udpvcpuMELSEC Q Series Q100UDEHCPUMELSEC L Series L06CPU-PMELSEC iQ-R Series R120PSFCPUMELSEC iQ-R Series R16MTCPUMELSEC iQ-R Series R32PSFCPUMELSEC L Series L02CPU-PMELSEC iQ-R Series R04ENCPUMELSEC iQ-R Series R120PCPUMELSEC iQ-R Series R120SFCPUMELSEC iQ-R Series R16PCPUMELSEC iQ-R Series R32SFCPUMELSEC iQ-R Series R64MTCPUMELSEC Q Series Q24DHCCPU-V MELSEC Q Series Q173DCPU-S1MELSEC Q Series Q170MSCPUMELSEC Q Series Q50UDEHCPUMELSEC Q Series Q173DSCPUMELSEC iQ-R Series R08PSFCPUMELSEC iQ-R Series R16SFCPUMELSEC iQ-R Series R16CPUMELSEC L Series L06CPUMELSEC iQ-R Series R16PSFCPUMELSEC Q Series Q04UDPVCPUMELSEC iQ-R Series R04CPUMELSEC iQ-R Series R32MTCPUMELSEC iQ-R Series R32PCPUMELSEC iQ-R Series R01CPUMELSEC Q Series Q06UDEHCPUMELSEC Q Series Q13UDEHCPUMELSEC Q Series Q20UDEHCPUMELIPC Series MI5122-VWMELSEC iQ-R Series R08CPUMELSEC Q Series MR-MQ100MELSEC iQ-R Series R00CPUMELSEC iQ-R Series R08PCPUMELSEC Q Series Q06UDPVCPUMELSEC Q Series Q04UDVCPUMELSEC Q Series Q170MSCPU-S1MELSEC L Series L26CPU-BTMELSEC iQ-R Series R32CPUMELSEC Q Series Q24DHCCPU-LSMELSEC Q Series Q170MCPUMELSEC Q Series Q13UDVCPUMELSEC L Series L26CPUMELSEC Q Series Q26DHCCPU-LSMELSEC iQ-R Series R120CPUMELSEC iQ-R Series R02CPUMELSEC Q Series Q12DCCPU-VMELSEC Q Series Q26UDEHCPUMELSEC Q Series Q06UDVCPUMELSEC iQ-R Series R120ENCPUMELSEC Q Series Q172DSCPUMELSEC Q Series Q26UDVCPUMELSEC L Series L02CPUMELSEC Q Series Q03UDVCPUMELSEC iQ-R Series R08ENCPUMELSEC Q Series Q26UDPVCPUMELSEC L Series L26CPU-PBTMELSEC iQ-R Series R32ENCPUMELSEC iQ-R Series R16ENCPUMELSEC Q Series Q03UDECPUMELSEC Q Series Q172DCPU-S1MELSEC iQ-R Series R08SFCPUMELSEC L Series L26CPU-PMELSEC Q Series Q04UDEHCPUMELSEC iQ-R Series R12CCPU-VMELSEC Q Series Q13UDPVCPUMELSEC Q Series Q24DHCCPU-VGMELSEC Q Series Q10UDEHCPU
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2020-5597
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.04% / 78.79%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 08:05
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-got2000_gt27got2000_gt23coreosgot2000_gt25GOT2000 series GT27, GT25, and GT23
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5649
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-4.09% / 89.49%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 02:06
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gt1450-qmbdegt1455-qtbdecoreosgt1450-qlbdegt1450hs-qmbdegt1455hs-qtbdeGT14 Model of GOT 1000 series
CVE-2020-5675
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.79% / 84.67%
||
7 Day CHG~0.00%
Published-04 Dec, 2020 | 07:10
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gs2110-wtbdgs2107-wtbd_firmwaregt2107-wtbd_firmwaregs2107-wtbdgt2107-wtbdgs2107-wtbd-n_firmwaregt2107-wtsdgt2103-pmbd_firmwaregt2104-pmbd_firmwaregs2110-wtbd-n_firmwaregt2104-rtbd_firmwarele7-40gu-l_firmwaregt2104-pmbdgt2103-pmbdgt2107-wtsd_firmwaregs2110-wtbd-ngs2107-wtbd-ngs2110-wtbd_firmwaregt2104-rtbdle7-40gu-lGT21 model of GOT2000 series, GS21 model of GOT SIMPLE series, and Tension Controller LE7-40GU-L series
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-5654
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.70% / 84.14%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-rd81opc96melsec_iq-rd81dl96_firmwaremelsec_iq-rd81dl96melsec_iq-rj71pn92melsec_iq-rd81mes96n_firmwaremelsec_iq-rd81mes96nmelsec_iq-rj71eip91_firmwaremelsec_iq-rj71eip91melsec_iq-rd81opc96_firmwaremelsec_iq-rj71pn92_firmwareMELSEC iQ-R series
CWE ID-CWE-384
Session Fixation
CVE-2020-5655
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.91% / 85.30%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-rd81opc96melsec_iq-rd81dl96_firmwaremelsec_iq-rd81dl96melsec_iq-rj71pn92melsec_iq-rd81mes96n_firmwaremelsec_iq-rd81mes96nmelsec_iq-rj71eip91_firmwaremelsec_iq-rj71eip91melsec_iq-rd81opc96_firmwaremelsec_iq-rj71pn92_firmwareMELSEC iQ-R series
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5658
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.89% / 85.17%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-rd81opc96melsec_iq-rd81dl96_firmwaremelsec_iq-rd81dl96melsec_iq-rj71pn92melsec_iq-rd81mes96n_firmwaremelsec_iq-rd81mes96nmelsec_iq-rj71eip91_firmwaremelsec_iq-rj71eip91melsec_iq-rd81opc96_firmwaremelsec_iq-rj71pn92_firmwareMELSEC iQ-R series
CVE-2020-5646
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-4.12% / 89.57%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 02:06
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gt1450-qmbdegt1455-qtbdecoreosgt1450-qlbdegt1450hs-qmbdegt1455hs-qtbdeGT14 Model of GOT 1000 series
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5600
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.02% / 78.62%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 08:05
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-got2000_gt27got2000_gt23coreosgot2000_gt25GOT2000 series GT27, GT25, and GT23
CVE-2020-29260
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 56.82%
||
7 Day CHG+0.04%
Published-02 Sep, 2022 | 22:14
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().

Action-Not Available
Vendor-libvncserver_projectn/aDebian GNU/Linux
Product-libvncserverdebian_linuxn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-19160
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.30% / 66.88%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 20:09
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

Action-Not Available
Vendor-bit.diamondsn/a
Product-diamondn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-26151
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.3||MEDIUM
EPSS-1.03% / 59.55%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-20 Sep, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.

Action-Not Available
Vendor-freeopcuan/a
Product-opcua-asyncioasyncua
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-21557
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.03% / 78.66%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-19155
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.30% / 66.88%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 20:06
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.

Action-Not Available
Vendor-navcoinn/a
Product-navcoinn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-26509
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.13%
||
7 Day CHG+0.30%
Published-03 Jul, 2023 | 00:00
Updated-27 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AnyDesk 7.0.8 allows remote Denial of Service.

Action-Not Available
Vendor-anydeskn/a
Product-anydeskn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-41989
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.44%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 00:00
Updated-04 Nov, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.

Action-Not Available
Vendor-n/aDjango
Product-djangon/adjango
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-20259
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.61% / 44.98%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 16:13
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unity_connectionprime_collaboration_deploymentunified_communications_managerunified_communications_manager_im_\&_presence_serviceemergency_responderCisco Emergency ResponderCisco Unified Communications ManagerCisco Prime Collaboration DeploymentCisco Unity ConnectionCisco Unified Communications Manager IM and Presence Service
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-41818
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.83% / 53.04%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 15:56
Updated-11 Oct, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ReDOS at currency parsing fast-xml-parser

fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.

Action-Not Available
Vendor-fast-xml-parser_projectNaturalIntelligencenaturalintelligence
Product-fast-xml-parserfast-xml-parserfast_xml_parser
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-20883
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-0.90% / 55.42%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-16 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-spring_bootSpring Boot
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-26302
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.87% / 54.27%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 23:03
Updated-14 Apr, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to loop “forever." This vulnerability was found using a CodeQL query which identifies inefficient regular expressions. is.js has no patch for this issue.

Action-Not Available
Vendor-is.js_projectarasatasaygin
Product-is.jsis.js
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-42481
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.48% / 37.69%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 15:30
Updated-16 Sep, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Complete crash of host system due to calculateDirectorySize in skyportd

Skyport Daemon (skyportd) is the daemon for the Skyport Panel. By making thousands of folders & files (easy due to skyport's lack of rate limiting on createFolder. createFile), skyportd in a lot of cases will cause 100% CPU usage and an OOM, probably crashing the system. This is fixed in 0.2.2.

Action-Not Available
Vendor-skyportskyportlabsskyportlabs
Product-skyportdskyportdskyportd
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-42969
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 42.39%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-16 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1206_firmwarefh1206n/afh1206_firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42943
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 47.98%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-16 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-19154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.30% / 66.88%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 20:05
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.

Action-Not Available
Vendor-htmlcoinn/a
Product-htmlcoinn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-42950
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 42.14%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 42.39%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-16 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the mit_pptpusrpw parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-9563
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-0.37% / 28.60%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 07:33
Updated-02 Jul, 2026 | 12:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memory by processing very large documents, including large arrays, objects, strings, numbers, whitespace, or nested structures, resulting in a denial of service. Eclipse Parsson 1.1.8 introduces a configurable maximum parsing limit with a default limit of 15 million parser-consumed characters.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-Eclipse Parsson
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-19156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.30% / 66.88%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 20:07
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

Action-Not Available
Vendor-pivxn/a
Product-pivxn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-21061
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.29% / 20.72%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-20 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-12090
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.7||HIGH
EPSS-3.62% / 88.12%
||
7 Day CHG~0.00%
Published-05 Apr, 2018 | 21:00
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability.

Action-Not Available
Vendor-Talos (Cisco Systems, Inc.)Rockwell Automation, Inc.
Product-micrologix_1400micrologix_1400_b_firmwareAllen Bradley
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-20014
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.95% / 57.02%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 15:24
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboardCisco Nexus Dashboard
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-41946
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.19% / 64.24%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 14:22
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
REXML DoS vulnerability

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.

Action-Not Available
Vendor-Ruby
Product-rexmlrexmlrexml
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-42651
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 33.54%
||
7 Day CHG+0.02%
Published-29 Jul, 2025 | 00:00
Updated-06 Aug, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message.

Action-Not Available
Vendor-emqxn/a
Product-nanomqn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 28
  • 29
  • Next
Details not found