CVE-2021-20599
Published: Oct 14, 2021
Modified: Aug 3, 2024
CVSS v3.1
9.1
Description
Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.
| Vendor | Product | Versions |
|---|---|---|
Mitsubishi Electric Corporation | MELSEC iQ-R Series Safety CPU R08SFCPU | affected Firmware versions "26" and prior |
Mitsubishi Electric Corporation | MELSEC iQ-R series Safety CPU R16SFCPU | affected Firmware versions "26" and prior |
Mitsubishi Electric Corporation | MELSEC iQ-R series Safety CPU R32SFCPU | affected Firmware versions "26" and prior |
Mitsubishi Electric Corporation | MELSEC iQ-R series Safety CPU R120SFCPU | affected Firmware versions "26" and prior |
Mitsubishi Electric Corporation | MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU | affected Firmware versions "11" and prior |
Mitsubishi Electric Corporation | MELSEC iQ-R series SIL2 Process CPU R16PSFCPU | affected Firmware versions "11" and prior |
Mitsubishi Electric Corporation | MELSEC iQ-R series SIL2 Process CPU R32PSFCPU | affected Firmware versions "11" and prior |
Mitsubishi Electric Corporation | MELSEC iQ-R series SIL2 Process CPU R120PSFCPU | affected Firmware versions "11" and prior |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now