[Japanese] | |
JVNDB-2020-002958 | |
Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port | |
Overview | |
MELSOFT transmission port (UDP/IP) of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue (CWE-400). When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. | |
CVSS Severity (What is CVSS?) | |
CVSS V3 Severity:
Base Metrics 5.3 (Medium) [IPA Score]
CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
| |
Affected Products | |
| |
Mitsubishi Electric | |
| |
Impact | |
When MELSOFT transmission port does not process data properly, a client becomes unable to communicate with MELSOFT transmission port. Also, the other devices which communicate using the other communication port may become unable to connect to MELSOFT transmission port. | |
Solution | |
[Apply Workarounds] | |
Vendor Information | |
Mitsubishi Electric | |
CWE (What is CWE?) | |
| |
CVE (What is CVE?) | |
| |
References | |
| |
Revision History | |
|
Date Public | 2020/03/30 |
Date First Published | 2020/03/31 |
Date Last Updated | 2020/04/01 |