CVE-2020-16850
HIGH
Mitsubishielectric R00cpu Firmware < 20 - Denial of Service
Title source: ruleDescription
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02
Scores
CVSS v3
7.5
EPSS
0.0052
EPSS Percentile
66.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
CWE-20
Status
published
Products (19)
mitsubishielectric/r00cpu_firmware
< 20
mitsubishielectric/r01cpu_firmware
< 20
mitsubishielectric/r02cpu_firmware
< 20
mitsubishielectric/r04cpu_firmware
< 52
mitsubishielectric/r08cpu_firmware
< 52
mitsubishielectric/r08pcpu_firmware
mitsubishielectric/r08sfcpu_firmware
< 22
mitsubishielectric/r120cpu_firmware
< 52
mitsubishielectric/r120pcpu_firmware
mitsubishielectric/r120sfcpu_firmware
< 22
... and 9 more
Published
Nov 30, 2020
Tracked Since
Feb 18, 2026