Login
Start Free Trial
Research Center
CVE-2021-20610 Research Center

CVE-2021-20610

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU All versions, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions "16" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

  • 7.5 high severity

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  • 01/12/2021

Products 26

Meetings

by Zoom

61 Versions

4 months ago

Zo

Zoom On-Premise Meeting Connector Controller

by Zoom

4 Versions

5 months ago

Zo

Zoom On-Premise Meeting Connector MMR

by Zoom

4 Versions

5 months ago

Rooms for Conference Rooms

by Zoom

5 Versions

5 months ago

Zo

Zoom On-Premise Recording Connector

by Zoom

3 Versions

10 months ago

Zo

Zoom On-Premise Virtual Room Connector

by Zoom

3 Versions

10 months ago

Zo

Zoom On-Premise Virtual Room Connector Load Balancer

by Zoom

3 Versions

10 months ago

Me

Meetings for Blackberry

by Zoom

1 Version

10 months ago

Me

Meetings for Intune

by Zoom

1 Version

10 months ago

Me

Meetings for Chrome OS

by Zoom

1 Version

10 months ago

Operating Systems 59

An

Android

by Google

76 Versions

3 months ago

Windows

by Microsoft

18 Versions

3 months ago

Macos

by Apple

33 Versions

3 months ago

Ip

Iphone OS

by Apple

180 Versions

3 months ago

Me

Melsec IQ-R R00 CPU Firmware

by Mitsubishi

1 Version

10 months ago

Me

Melsec IQ-R R01 CPU Firmware

by Mitsubishi

1 Version

10 months ago

Me

Melsec IQ-R R02 CPU Firmware

by Mitsubishi

1 Version

10 months ago

Me

Melsec IQ-R R04 CPU Firmware

by Mitsubishi

1 Version

10 months ago

Me

Melsec IQ-R R08 CPU Firmware

by Mitsubishi

2 Versions

10 months ago

Me

Melsec IQ-R R120 CPU Firmware

by Mitsubishi

2 Versions

10 months ago

xTags 4

#exposed_to_DOS_Attack
#easy_to_exploit
#known_vulnerability
#availability_impact_if_exploited

Advisory Links 3

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
https://jvn.jp/vu/JVNVU94434051/index.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By Evan Kling
Sep 30, 2022

CISAnalysis - September 30, 2022

Take me out to the ballgame! A double-header in Exchange Server is being exploited in the wild. These zero-days come as a pair like A-Rod and Jeter. But don't expect any SecOps or sysadmins to be watching baseball this weekend....they may have their hands full.
By John Kilhefner
Sep 29, 2022

Not So Fast: Analyzing the FastCompany Hack

When FastCompany's website was hacked late Tuesday night, it sent shockwaves through the media world, underscoring the importance of routine cybersecurity inspections for media companies. Now, in the wake of the prominent hack, media companies are scrambling to secure their content management systems.
By Jenny R
Sep 28, 2022

How to test application with ZAP - Part Two

This part of the series covers how to create an Angular application, deploy it using Docker, and how to set up ZAP so you can start testing the application inside the test environment.
By Jenny R
Sep 28, 2022

How to test application with ZAP - Part One

This part of the topic covers how to setup your machine so you can start with the security testing tool- ZAP.
By Paul Lighter
Sep 27, 2022

The World's Worst Hackers Have Flags

Who's responsible for ransomware? The Iranian government, in no small part. State-sponsored hackers suggest an alarming future for cybersecurity.
last_chanse_04.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial
Get a Demo
Start Free Trial!