CVE-2020-5531

Published Feb 17, 2020

Last updated 3 months ago

CVSS critical 9.8

Overview

Description: Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:mi5122-vw_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66A9D45E-95CE-42C0-B7BA-00A2402DE65C",
            "versionEndIncluding": "03"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:mi5122-vw:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2054E9BB-9DC6-49DA-A215-D63A93B8160C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:q24dhccpu-v_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2ED90B7-7987-4C00-8D17-1F8C277A1CBA",
            "versionEndIncluding": "21121"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:q24dhccpu-v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "210A2E8A-BF20-43F5-BA07-CB662833DE1D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:q24dhccpu-vg_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C71A2CB-E456-4BA5-A845-5B1D036E3D50",
            "versionEndIncluding": "21121"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:q24dhccpu-vg:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D9DF6F77-EEB5-4CB3-B041-7BA43F16E2E3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:r12ccpu-v_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BF5934E-7FAD-410F-AB75-FA7BACB345DC",
            "versionEndIncluding": "11"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:r12ccpu-v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8B938943-DDD5-43DC-98A3-29D0E6AFBF85"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:rd55up06-v_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29ED1F7F-AC02-418F-A380-6FFF2C0FB6A3",
            "versionEndIncluding": "08"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:rd55up06-v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F1F5EF13-A273-459E-815B-F21C57D44204"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References