+ Product
+ Solution
Pricing
+ Knowledge
+ Company
Contact
Login
Start Free Trial
Research Center
CVE-2021-20610 Research Center

CVE-2021-20610

Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, MELSEC Q Series Q172/173DSCPU All versions, MELSEC Q Series Q170MCPU Operating system software version "W" and prior, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

  • 7.5 high severity

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  • 01/12/2021

Products 25

Meetings

by Zoom

59 Versions

a month ago

Zo

Zoom On-Premise Meeting Connector Controller

by Zoom

4 Versions

a month ago

Zo

Zoom On-Premise Meeting Connector MMR

by Zoom

4 Versions

a month ago

Zo

Zoom On-Premise Recording Connector

by Zoom

3 Versions

6 months ago

Zo

Zoom On-Premise Virtual Room Connector

by Zoom

3 Versions

6 months ago

Zo

Zoom On-Premise Virtual Room Connector Load Balancer

by Zoom

3 Versions

6 months ago

Me

Meetings for Blackberry

by Zoom

1 Version

6 months ago

Me

Meetings for Intune

by Zoom

1 Version

6 months ago

Me

Meetings for Chrome OS

by Zoom

1 Version

6 months ago

Co

Controllers for Zoom Rooms

by Zoom

1 Version

6 months ago

Operating Systems 59

Windows

by Microsoft

18 Versions

9 days ago

Macos

by Apple

33 Versions

13 days ago

An

Android

by Google

72 Versions

15 days ago

Ip

Iphone OS

by Apple

178 Versions

2 months ago

Me

Melsec IQ-R R00 CPU Firmware

by Mitsubishi

1 Version

6 months ago

Me

Melsec IQ-R R01 CPU Firmware

by Mitsubishi

1 Version

6 months ago

Me

Melsec IQ-R R02 CPU Firmware

by Mitsubishi

1 Version

6 months ago

Me

Melsec IQ-R R04 CPU Firmware

by Mitsubishi

1 Version

6 months ago

Me

Melsec IQ-R R08 CPU Firmware

by Mitsubishi

2 Versions

6 months ago

Me

Melsec IQ-R R120 CPU Firmware

by Mitsubishi

2 Versions

6 months ago

xTags 4

#exposed_to_DOS_Attack
#easy_to_exploit
#known_vulnerability
#availability_impact_if_exploited

Advisory Links 3

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
https://jvn.jp/vu/JVNVU94434051/index.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By Kent Weigle
Apr 12, 2021

February Trending CVEs: CVE-2021-3156

As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month (who's excited for winter to be over?! 😁☀️🌷). Brace yourself! Ok, here we go.

By Kent Weigle
Apr 12, 2021

February Trending CVEs: CVE-2020-1472

As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month (who's excited for winter to be over?! 😁☀️🌷). Brace yourself! Ok, here we go.

By Kent Weigle
Apr 12, 2021

February Trending CVEs: CVE-2021-24078

As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month (who's excited for winter to be over?! 😁☀️🌷). Brace yourself! Ok, here we go.

By Kent Weigle
Apr 12, 2021

Top Trending CVEs of January 2021

Well, we made it through the first month of 2021! (Hopefully without any scratches or bruises 😅). As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month. So, without further ado, The Top Trending CVEs of January 2021:

By Kent Weigle
Dec 22, 2020

Security Vulnerability Examples

As the threat landscape changes, the ability to address the most common types of security vulnerabilities is vital for robust protection. As information becomes the most essential asset for an organization, cybersecurity gains much more importance. To successfully conduct your business and preserve the hard-earned reputation of your company, you need to protect your data from malicious attacks, data breaches and hackers. 

By Kent Weigle
Dec 22, 2020

Zoom Security Vulnerabilities

As if times haven’t been hard enough, businesses are dealing with new security threats while employees work from home and some have major issues with one of the most popular video conferencing platforms, Zoom.

By Kent Weigle
Dec 22, 2020

What is a Vulnerability?

This article will offer a quick guide to vulnerabilities – what they are, how they can be exploited and the consequences of exploitation. A vulnerability is a weakness in an asset that can be exploited by cyber attackers. It’s a known issue that allows an attack to succeed. 

By Kent Weigle
Dec 21, 2020

Top 10 Software Vulnerabilities

Security testing is an assessment of the sensitivity of a software vulnerability to various attacks. What type of attacks? Mainly unauthorized breaches into the system with the aim of extracting data about users or getting confidential information. With the help of vulnerabilities present in the software code, attackers can achieve their objectives.  

By Kent Weigle
Dec 23, 2020

Zero-Day Vulnerability: Defense Strategies

A zero-day is a weakness in hardware, software or firmware that is not known to the parties responsible for patching or fixing the flaw. The term zero refers to an attack that has zero days between the time the vulnerability is discovered and the first attack. Once a zero-day vulnerability is known to the public, it’s known as a one-day or n-day vulnerability.

last_chanse_02.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial
Get a Demo
Start Free Trial!