CVE Vulnerability

CVE-2020-16850

Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.

7.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-282-02 Third Party Advisory US Government Resource
https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series Third Party Advisory
Configurations

Configuration 1
Information

Published : 2020-11-30 10:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-16850

Mitre link : CVE-2020-16850

Products Affected
No products.
CWE
CWE-20

CWE-400