PT-2020-18502 · Mitsubishi · Melsec Iq-R Series+3

Published: 2020-03-30 · Updated: 2020-04-07 · CVE-2020-5527

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

MELSEC iQ-R series (all versions)
MELSEC iQ-F series (all versions)
MELSEC Q series (all versions)
MELSEC L series (all versions)
MELSEC F series (all versions)

Description

The MELSOFT transmission port (UDP/IP) of the affected Mitsubishi Electric MELSEC series may fall into a denial-of-service (DoS) condition when it receives a massive amount of data via unspecified vectors, causing resource consumption and improper data processing. This issue only affects Ethernet communication functions.

Recommendations

For MELSEC iQ-R series, restrict access to the MELSOFT transmission port (UDP/IP) to minimize the risk of exploitation.
For MELSEC iQ-F series, consider disabling the Ethernet communication functions until a fix is available.
For MELSEC Q series, limit the amount of data that can be received via the MELSOFT transmission port (UDP/IP) to prevent resource consumption.
For MELSEC L series, avoid using the MELSOFT transmission port (UDP/IP) for critical communications until the issue is resolved.
For MELSEC F series, implement traffic filtering to block massive amounts of data from reaching the MELSOFT transmission port (UDP/IP).

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2020-5527

Affected Products

Melsec-L Series
Melsec-Q Series
Melsec Iq-F Series
Melsec Iq-R Series