CVE-2020-5666
HIGHMELSEC iQ-R Series CPU Modules Denial of Service via Crafted HTTP Packet
Title source: llmDescription
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.
References (4)
Core 4
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-015_en.pdf
Third Party Advisory x_refsource_misc
https://jvn.jp/jp/JVN44764844/index.html
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN44764844/index.html
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-317-01
Scores
CVSS v3
7.5
EPSS
0.1840
EPSS Percentile
95.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (8)
mitsubishielectric/melsec_iq-r00_firmware
05 - 19
mitsubishielectric/melsec_iq-r01_firmware
05 - 19
mitsubishielectric/melsec_iq-r02_firmware
05 - 19
mitsubishielectric/melsec_iq-r04_firmware
35 - 51
mitsubishielectric/melsec_iq-r08_firmware
35 - 51
mitsubishielectric/melsec_iq-r120_firmware
35 - 51
mitsubishielectric/melsec_iq-r16_firmware
35 - 51
mitsubishielectric/melsec_iq-r32_firmware
35 - 51
Published
Nov 16, 2020
Tracked Since
Feb 18, 2026