CVE-2021-20599

Summary

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi Electric CorporationMELSEC iQ-R Series Safety CPU R08SFCPUFirmware versions "26" and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R series Safety CPU R16SFCPUFirmware versions "26" and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R series Safety CPU R32SFCPUFirmware versions "26" and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R series Safety CPU R120SFCPUFirmware versions "26" and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R Series SIL2 Process CPU R08PSFCPUFirmware versions "11" and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R series SIL2 Process CPU R16PSFCPUFirmware versions "11" and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R series SIL2 Process CPU R32PSFCPUFirmware versions "11" and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-R series SIL2 Process CPU R120PSFCPUFirmware versions "11" and prioraffected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References