CVE-2021-20586

7.5

HIGH

MELFA Robot Controller Denial of Service (DoS) Vulnerability

Description

Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.

INFO

Published Date :

Jan. 29, 2021, 3:15 p.m.

Last Modified :

Nov. 21, 2024, 5:46 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

3.6

Exploitability Score :

3.9

Affected Products

The following products are affected by CVE-2021-20586 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Mitsubishielectric	rv2fr_firmware
2	Mitsubishielectric	rv2frl_firmware
3	Mitsubishielectric	rv4fr_firmware
4	Mitsubishielectric	rv4frl_firmware
5	Mitsubishielectric	rv7fr_firmware
6	Mitsubishielectric	rv7frl_firmware
7	Mitsubishielectric	rv7frll_firmware
8	Mitsubishielectric	rv13fr_firmware
9	Mitsubishielectric	rv13frl_firmware
10	Mitsubishielectric	rv20fr_firmware
11	Mitsubishielectric	rh1frhr_firmware
12	Mitsubishielectric	rh3frhr_firmware
13	Mitsubishielectric	rh3frh35_firmware
14	Mitsubishielectric	rh3frh45_firmware
15	Mitsubishielectric	rh3frh55_firmware
16	Mitsubishielectric	rh6frh35_firmware
17	Mitsubishielectric	rh6frh45_firmware
18	Mitsubishielectric	rh6frh55_firmware
19	Mitsubishielectric	rh12frh55_firmware
20	Mitsubishielectric	rh12rfh70_firmware
21	Mitsubishielectric	rh12frh85_firmware
22	Mitsubishielectric	rh20frh85_firmware
23	Mitsubishielectric	rh20frh100_firmware
24	Mitsubishielectric	rv2fr\(b\)_firmware
25	Mitsubishielectric	rv2frl\(b\)_firmware
26	Mitsubishielectric	rv4frm\/c_firmware
27	Mitsubishielectric	rv4frlm\/c_firmware
28	Mitsubishielectric	rv7frm\/c_firmware
29	Mitsubishielectric	rv7frlm\/c_firmware
30	Mitsubishielectric	rv7frllm\/c_firmware
31	Mitsubishielectric	rv13frm\/c_firmware
32	Mitsubishielectric	rv13frlm\/c_firmware
33	Mitsubishielectric	rv20frm\/c_firmware
34	Mitsubishielectric	rv2fr
35	Mitsubishielectric	rv2frl
36	Mitsubishielectric	rv4fr
37	Mitsubishielectric	rv4frl
38	Mitsubishielectric	rv7fr
39	Mitsubishielectric	rv7frl
40	Mitsubishielectric	rv7frll
41	Mitsubishielectric	rv13fr
42	Mitsubishielectric	rv13frl
43	Mitsubishielectric	rv20fr
44	Mitsubishielectric	rh1frhr
45	Mitsubishielectric	rh3frhr
46	Mitsubishielectric	rh3frh35
47	Mitsubishielectric	rh3frh45
48	Mitsubishielectric	rh3frh55
49	Mitsubishielectric	rh6frh35
50	Mitsubishielectric	rh6frh45
51	Mitsubishielectric	rh6frh55
52	Mitsubishielectric	rh12frh55
53	Mitsubishielectric	rh12rfh70
54	Mitsubishielectric	rh12frh85
55	Mitsubishielectric	rh20frh85
56	Mitsubishielectric	rh20frh100
57	Mitsubishielectric	rv2fr\(b\)
58	Mitsubishielectric	rv2frl\(b\)
59	Mitsubishielectric	rv4frm\/c
60	Mitsubishielectric	rv4frlm\/c
61	Mitsubishielectric	rv7frm\/c
62	Mitsubishielectric	rv7frlm\/c
63	Mitsubishielectric	rv7frllm\/c
64	Mitsubishielectric	rv13frm\/c
65	Mitsubishielectric	rv13frlm\/c
66	Mitsubishielectric	rv20frm\/c

: Total Affected Vendor : 1 | Products : 66

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-20586.

URL	Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf	Vendor Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf	Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-20586 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-20586 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

Nov. 21, 2024

Action	Type	Old Value	New Value
Added	Reference		https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf

CVE Modified by [email protected]

May. 14, 2024

Action	Type	Old Value	New Value

CWE Remap by [email protected]

Jul. 12, 2022

Action	Type	Old Value	New Value
Changed	CWE	CWE-400	NVD-CWE-noinfo

Initial Analysis by [email protected]

Feb. 10, 2021

Action	Type	Old Value	New Value
Added	CVSS V2		NIST (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Changed	Reference Type	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf No Types Assigned	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf Vendor Advisory
Added	CWE		NIST CWE-400
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv2fr_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv2fr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv2frl_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv2frl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv4fr_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv4fr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv4frl_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv4frl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv7fr_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv7fr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv7frl_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv7frl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv7frll_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv7frll:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv13fr_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv13fr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv13frl_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv13frl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv20fr_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv20fr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh1frhr_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh1frhr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh3frhr_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh3frhr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh3frh35_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh3frh35:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh3frh45_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh3frh45:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh3frh55_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh3frh55:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh6frh35_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh6frh35:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh6frh45_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh6frh45:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh6frh55_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh6frh55:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh12frh55_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh12frh55:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh12rfh70_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh12rfh70:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh12frh85_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh12frh85:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh20frh85_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh20frh85:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rh20frh100_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rh20frh100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv2fr\(b\)_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv2fr\(b\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv2frl\(b\)_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv2frl\(b\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv4frm\/c_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv4frm\/c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv4frlm\/c_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv4frlm\/c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv7frm\/c_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv7frm\/c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv7frlm\/c_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv7frlm\/c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv7frllm\/c_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv7frllm\/c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv13frm\/c_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv13frm\/c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv13frlm\/c_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv13frlm\/c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:mitsubishielectric:rv20frm\/c_firmware::::::::* OR cpe:2.3:h:mitsubishielectric:rv20frm\/c:-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-20586 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-20586 weaknesses.

CVE-2021-20586

MELFA Robot Controller Denial of Service (DoS) Vulnerability

Description

INFO

Jan. 29, 2021, 3:15 p.m.

Nov. 21, 2024, 5:46 a.m.

[email protected]

Yes !

3.6

3.9

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

CVE Modified by [email protected]

CWE Remap by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

2.01 }} -2.84%

0.82124

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable