CVE-2020-5527
Mitsubishi Electric MELSEC UDP/IP Remote Denial-of-Service Vulnerability
CVSS score: 7.5 (HIGH)
Description

When the MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives a massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states that this vulnerability affects only Ethernet communication functions.

INFO

Published Date: March 30, 2020, 8:15 a.m.
Last Modified: Nov. 21, 2024, 5:34 a.m.
Remotely Exploitable: Yes
Impact Score: 3.6
Exploitability Score: 3.9

Affected Products

The following products are affected by the CVE-2020-5527 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not represented in the table below.

ID Vendor Product
1 Mitsubishielectric q26dhccpu-ls_firmware
2 Mitsubishielectric q06phcpu_firmware
3 Mitsubishielectric l02cpu_firmware
4 Mitsubishielectric l02cpu-p_firmware
5 Mitsubishielectric l02scpu_firmware
6 Mitsubishielectric l02scpu-p_firmware
7 Mitsubishielectric l06cpu_firmware
8 Mitsubishielectric l06cpu-p_firmware
9 Mitsubishielectric l26cpu_firmware
10 Mitsubishielectric l26cpu-bt_firmware
11 Mitsubishielectric l26cpu-p_firmware
12 Mitsubishielectric l26cpu-pbt_firmware
13 Mitsubishielectric r00cpu_firmware
14 Mitsubishielectric r01cpu_firmware
15 Mitsubishielectric r02cpu_firmware
16 Mitsubishielectric r04cpu_firmware
17 Mitsubishielectric r08cpu_firmware
18 Mitsubishielectric r16cpu_firmware
19 Mitsubishielectric r32cpu_firmware
20 Mitsubishielectric r120cpu_firmware
21 Mitsubishielectric r04encpu_firmware
22 Mitsubishielectric r08encpu_firmware
23 Mitsubishielectric r16encpu_firmware
24 Mitsubishielectric r32encpu_firmware
25 Mitsubishielectric r120encpu_firmware
26 Mitsubishielectric q24dhccpu-v_firmware
27 Mitsubishielectric fx5uc_firmware
28 Mitsubishielectric fx5uj_firmware
29 Mitsubishielectric cr800-q_firmware
30 Mitsubishielectric fx3g_firmware
31 Mitsubishielectric fx3gc_firmware
32 Mitsubishielectric fx3s_firmware
33 Mitsubishielectric fx3u_firmware
34 Mitsubishielectric fx3uc_firmware
35 Mitsubishielectric fx5u_firmware
36 Mitsubishielectric q02phcpu_firmware
37 Mitsubishielectric q12dccpu-v_firmware
38 Mitsubishielectric q12phcpu_firmware
39 Mitsubishielectric q12prhcpu_firmware
40 Mitsubishielectric q172dscpu_firmware
41 Mitsubishielectric q173dscpu_firmware
42 Mitsubishielectric q173nccpu_firmware
43 Mitsubishielectric q24dhccpu-ls_firmware
44 Mitsubishielectric q24dhccpu-vg2_firmware
45 Mitsubishielectric q25phcpu_firmware
46 Mitsubishielectric q25prhcpu_firmware
47 Mitsubishielectric l26cpu-bt
48 Mitsubishielectric l26cpu-pbt
49 Mitsubishielectric q24dhccpu-v
50 Mitsubishielectric cr800-q
51 Mitsubishielectric fx3g
52 Mitsubishielectric fx3gc
53 Mitsubishielectric fx3s
54 Mitsubishielectric fx3u
55 Mitsubishielectric fx3uc
56 Mitsubishielectric fx5u
57 Mitsubishielectric fx5uc
58 Mitsubishielectric fx5uj
59 Mitsubishielectric l02cpu
60 Mitsubishielectric l02cpu-p
61 Mitsubishielectric l02scpu
62 Mitsubishielectric l02scpu-p
63 Mitsubishielectric l06cpu
64 Mitsubishielectric l06cpu-p
65 Mitsubishielectric l26cpu
66 Mitsubishielectric l26cpu-p
67 Mitsubishielectric q02phcpu
68 Mitsubishielectric q06phcpu
69 Mitsubishielectric q12dccpu-v
70 Mitsubishielectric q12phcpu
71 Mitsubishielectric q12prhcpu
72 Mitsubishielectric q172dscpu
73 Mitsubishielectric q173dscpu
74 Mitsubishielectric q173nccpu
75 Mitsubishielectric q24dhccpu-ls
76 Mitsubishielectric q24dhccpu-vg2
77 Mitsubishielectric q25phcpu
78 Mitsubishielectric q25prhcpu
79 Mitsubishielectric q26dhccpu-ls
80 Mitsubishielectric r00cpu
81 Mitsubishielectric r01cpu
82 Mitsubishielectric r02cpu
83 Mitsubishielectric r04cpu
84 Mitsubishielectric r04encpu
85 Mitsubishielectric r08cpu
86 Mitsubishielectric r08encpu
87 Mitsubishielectric r120cpu
88 Mitsubishielectric r120encpu
89 Mitsubishielectric r16cpu
90 Mitsubishielectric r16encpu
91 Mitsubishielectric r32cpu
92 Mitsubishielectric r32encpu
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-5527.

URL Resource
https://jvn.jp/en/vu/JVNVU91553662/index.html Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf Vendor Advisory

The following table lists the changes that have been made to the CVE-2020-5527 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://jvn.jp/en/vu/JVNVU91553662/index.html
    Added Reference https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Apr. 07, 2020

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Changed Reference Type https://jvn.jp/en/vu/JVNVU91553662/index.html No Types Assigned https://jvn.jp/en/vu/JVNVU91553662/index.html Third Party Advisory
    Changed Reference Type https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf No Types Assigned https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf Vendor Advisory
    Added CWE NIST CWE-400
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2020-5527 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2020-5527 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.10 (-0.01%)
Percentile: 0.43887

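CVSS31 - Vulnerability Scoring System
Values as given by the NIST CVSS V3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High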