Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_MITSUBISHI_CVE-2021-20586.NASLHistoryFeb 07, 2022 - 12:00 a.m.
Mitsubishi Electric MELFA (CVE-2021-20586)
2022-02-0700:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
vulnerability resource management mitsubishi electric melfa robot controllers dos tenableot scanner
EPSS
0.002
Percentile
64.6%
Resource management errors vulnerability in a robot controller of MELFA FR Series(controller CR800-VD of RV-FR**-D-* all versions, controller CR800-HD of RH-FRH*-D-* all versions, controller CR800-HRD of RH-FRHR*-D-* all versions, controller CR800-VR with R16RTCPU of RV-FR**-R-* all versions, controller CR800-HR with R16RTCPU of RH-FRH*-R-* all versions, controller CR800-HRR with R16RTCPU of RH-FRHR*-R-* all versions, controller CR800-VQ with Q172DSRCPU of RV-FR**-Q-* all versions, controller CR800-HQ with Q172DSRCPU of RH-FRH*-Q-* all versions, controller CR800-HRQ with Q172DSRCPU of RH-FRHR*-Q-* all versions) and a robot controller of MELFA CR Series(controller CR800-CVD of RV-8CRL-D-* all versions, controller CR800-CHD of RH-CRH*-D-* all versions) as well as a cooperative robot ASSISTA(controller CR800-05VD of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500528);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/13");
script_cve_id("CVE-2021-20586");
script_name(english:"Mitsubishi Electric MELFA (CVE-2021-20586)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Resource management errors vulnerability in a robot controller of MELFA FR Series(controller CR800-*V*D of RV-*FR***-D-*
all versions, controller CR800-*HD of RH-*FRH***-D-* all versions, controller CR800-*HRD of RH-*FRHR***-D-* all
versions, controller CR800-*V*R with R16RTCPU of RV-*FR***-R-* all versions, controller CR800-*HR with R16RTCPU of
RH-*FRH***-R-* all versions, controller CR800-*HRR with R16RTCPU of RH-*FRHR***-R-* all versions, controller CR800-*V*Q
with Q172DSRCPU of RV-*FR***-Q-* all versions, controller CR800-*HQ with Q172DSRCPU of RH-*FRH***-Q-* all versions,
controller CR800-*HRQ with Q172DSRCPU of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR
Series(controller CR800-CVD of RV-8CRL-D-* all versions, controller CR800-CHD of RH-*CRH**-D-* all versions) as well as
a cooperative robot ASSISTA(controller CR800-05VD of RV-5AS-D-* all versions) allows a remote unauthenticated attacker
to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets
in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the
error occurs.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for
more information.");
# https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a2cbe9d");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-021-04");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploiting this
vulnerability:
- Use a firewall or VPN, etc., to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
- Use an IP filter function and block access from untrusted networks and hosts. The product models and firmware versions
that support the IP filter function are:
- MELFA FR Series: firmware Version âC2â or later
- MELFA CR Series: firmware Version âC2â or later
- MELFA ASSISTA: firmware Version âC2â or later
To obtain a product that supports the IP filter function, contact your local Mitsubishi Electric representative.
Please refer to the Mitsubishi Electric advisory for details on how to check firmware version.
Additional information about the vulnerabilities or Mitsubishi Electricâs compensating control is available by
contacting a Mitsubishi Electric representative.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20586");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(400);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/29");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv2fr_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv2frl_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv4fr_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv4frl_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv7fr_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv7frl_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv7frll_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv13fr_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv13frl_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv20fr_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh1frhr_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh3frhr_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh3frh35_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh3frh45_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh3frh55_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh6frh35_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh6frh45_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh6frh55_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh12frh55_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh12rfh70_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh12frh85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh20frh85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rh20frh100_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv2fr%28b%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv2frl%28b%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv4frm%2fc_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv4frlm%2fc_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv7frm%2fc_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv7frlm%2fc_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv7frllm%2fc_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv13frm%2fc_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv13frlm%2fc_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rv20frm%2fc_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Mitsubishi");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Mitsubishi');
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');
var vuln_cpes = {
"cpe:/o:mitsubishielectric:rv2fr_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv2frl_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv4fr_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv4frl_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv7fr_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv7frl_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv7frll_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv13fr_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv13frl_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv20fr_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh1frhr_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh3frhr_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh3frh35_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh3frh45_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh3frh55_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh6frh35_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh6frh45_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh6frh55_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh12frh55_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh12rfh70_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh12frh85_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh20frh85_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rh20frh100_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv2fr%28b%29_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv2frl%28b%29_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv4frm%2fc_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv4frlm%2fc_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv7frm%2fc_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv7frlm%2fc_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv7frllm%2fc_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv13frm%2fc_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv13frlm%2fc_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:rv20frm%2fc_firmware" :
{"family" : "Mitsubishi"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Related
prion
prion
Design/Logic Flaw
2021-01-29 15:15:00
cve
cve
CVE-2021-20586
2021-01-29 15:15:12
ics
ics
Mitsubishi Electric MELFA (Update A)
2021-05-18 12:00:00
cvelist
cvelist
CVE-2021-20586
2021-01-29 14:54:32
nvd
nvd
CVE-2021-20586
2021-01-29 15:15:12