Description
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf
Third Party Advisory x_refsource_misc
https://jvn.jp/en/vu/JVNVU91553662/index.html
Scores
CVSS v3
7.5
EPSS
0.0047
EPSS Percentile
64.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (46)
mitsubishielectric/cr800-q_firmware
mitsubishielectric/fx3g_firmware
mitsubishielectric/fx3gc_firmware
mitsubishielectric/fx3s_firmware
mitsubishielectric/fx3u_firmware
mitsubishielectric/fx3uc_firmware
mitsubishielectric/fx5u_firmware
mitsubishielectric/fx5uc_firmware
mitsubishielectric/fx5uj_firmware
mitsubishielectric/l02cpu-p_firmware
... and 36 more
Published
Mar 30, 2020
Tracked Since
Feb 18, 2026