CVE-2020-13238

Published Jun 10, 2020
Last updated 4 years ago
CVSS high 7.5
Overview

Description: Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses

nvd@nist.gov: CWE-400
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r00cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2691265A-CC4F-4EF5-A987-FF90DFE40100"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r00cpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC033AE6-6DFB-4970-B255-6443EFB7C2B5",
            "versionEndIncluding": "7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r01cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E6BC3087-D96A-4327-A3A1-AF62DE145CD2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r01cpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4199B843-521A-4966-9FE4-085BF906346A",
            "versionEndIncluding": "7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r02cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E39BA6C6-B3A1-4193-BE96-AD6E8CA8BB9F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r02cpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C906A1BC-469A-410B-ACF8-1F8C8654DB4A",
            "versionEndIncluding": "7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r04cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3033A7D5-C134-48CC-AF2C-9E1E8ACFB70E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r04cpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCB74C39-16C0-474B-8502-972625FA2FA9",
            "versionEndIncluding": "39"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r08cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "57759705-0306-4C43-9EA5-1C0AEA51328D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r08cpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "383E4CF8-C453-43C5-963E-05E356561571",
            "versionEndIncluding": "39"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r16cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "757DF844-CC81-4554-9259-82B8758ACD1E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r16cpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "594ACE76-BFF3-446A-818A-80498B478888",
            "versionEndIncluding": "39"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r32cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6E305DE9-4DE4-4677-8348-5F0A4EA658A0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r32cpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37D5D84B-0530-4F21-9083-DD9B9B1FFCF0",
            "versionEndIncluding": "39"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r120cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D679B7D1-1059-416C-955C-FF0BC33CF3EF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r120cpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A5C7F03-0972-47E0-BC2F-78C4925DD14C",
            "versionEndIncluding": "39"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r08fcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DFE8590-D364-4572-97E5-31ED1DB73761",
            "versionEndIncluding": "20"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r08fcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3C1972B2-CF32-4E68-A98C-E983F3F71115"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r16fcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58083C24-532C-4645-A442-2C973EB01375",
            "versionEndIncluding": "20"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r16fcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CCDE9DBA-8452-4E10-99F9-982C389B9F50"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r32fcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D0179AD-FA81-4060-A698-E33D75D201D8",
            "versionEndIncluding": "20"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r32fcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "02041EFA-E353-4C4B-8AD9-1F0505D91314"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r120fcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A66FB1C2-3C8C-4CB5-85EF-468266E8CE68",
            "versionEndIncluding": "20"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r120fcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D3461BD1-3FCB-4F4D-8869-FE59A86A5C3A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r08pcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87F503A3-AD82-4EA1-841B-1BAAF445996B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r08pcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5E7CE305-8DC2-438D-826B-394C7CEEF8FF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r16pcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D975102B-9953-4241-8546-A14390FA93A3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r16pcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "128886F3-1CB2-4615-9725-1E0A22B9CD1C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r32pcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9896DEC2-F0B1-44D8-9988-40D0881CCF7A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r32pcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8560DB92-7D50-4D19-8520-0ADBC32259CD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r120pcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F033516-7956-40B3-AE6F-C0DCDE5AB140"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r120pcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3954D5FE-7D68-429D-9882-0C035832AE15"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r08sfcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B350428B-4966-46C0-927D-02AA6DD55D79"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r08sfcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E0B4379A-F1D2-4B93-8D0C-EF11A2A8D4F4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r16sfcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D40ED555-E89B-49C9-8885-80B704330B31"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r16sfcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8B74D4E6-FCB2-4E6D-ADB5-81D24083F927"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r32sfcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B10800B7-CD71-4CD8-8ADD-0813B83CAFDB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r32sfcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C1CFCCAD-84CE-44EC-889D-8826095CB7A0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-r120sfcpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEC2F6B3-4B2E-470B-846D-094DD419A9B1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-r120sfcpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9460791F-7EA8-49C2-A45C-094BE209A453"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-rj71en71_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48201ACA-C420-4869-B04A-FE9AD537C32D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-rj71en71:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "878A25DD-D056-4ACF-8A1E-382D4C33CE64"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
