CRITICAL🇵🇱 Wersja polska

CVE-2021-20597

CVSS 9.1v3.1pub. 2021-08-06upd. 2024-11-21

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Mitsubishielectric R08psfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R08psfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R08sfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R08sfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R120psfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R120psfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R120sfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R120sfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R16psfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R16psfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R16sfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R16sfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R32psfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R32psfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R32sfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R32sfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-20599CRITICAL9.1ten sam produkt

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability i...

CVE-2021-20594HIGH7.5ten sam produkt

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R se...

CVE-2021-20591HIGH7.5ten sam produkt

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/...

CVE-2020-16850HIGH7.5ten sam produkt

Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial p...

CVE-2020-5668HIGH7.5ten sam produkt

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '...