CVE-2020-5652

Name of the Vulnerable Software and Affected Versions MELSEC iQ-R series CPU modules versions '20' and earlier MELSEC Q series CPU modules versions '52' and earlier MELSEC L series CPU modules versions with serial number '22081' and earlier MELSEC iQ-R R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier MELSEC iQ-R R 08/16/32/120 SFCPU firmware versions '22' and earlier MELSEC iQ-R R 08/16/32/120 PCPU all versions MELSEC iQ-R R 08/16/32/120 PSFCPU all versions MELSEC iQ-R R 16/32/64 MTCPU all versions MELSEC Q03 UDECPU all versions MELSEC Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier MELSEC Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier MELSEC Q 04/06/13/26 UDPVCPU serial number '22031' and earlier MELSEC Q 172/173 DCPU all versions MELSEC Q 172/173 DSCPU all versions MELSEC Q 170 MCPU all versions MELSEC Q 170 MSCPU all versions MELSEC L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions

Description The issue is related to an uncontrolled resource consumption vulnerability in the Ethernet Port on MELSEC iQ-R, Q, and L series CPU modules. This vulnerability allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition.

Recommendations For MELSEC iQ-R series CPU modules versions '20' and earlier, update the firmware to a version later than '20'. For MELSEC Q series CPU modules versions '52' and earlier, update the firmware to a version later than '52'. For MELSEC L series CPU modules versions with serial number '22081' and earlier, update the firmware to a version later than the one with serial number '22081'. For MELSEC iQ-R R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, update the firmware to a version later than '52'. For MELSEC iQ-R R 08/16/32/120 SFCPU firmware versions '22' and earlier, update the firmware to a version later than '22'. For MELSEC iQ-R R 08/16/32/120 PCPU all versions, restrict access to the Ethernet Port until a patch is available. For MELSEC iQ-R R 08/16/32/120 PSFCPU all versions, restrict access to the Ethernet Port until a patch is available. For MELSEC iQ-R R 16/32/64 MTCPU all versions, restrict access to the Ethernet Port until a patch is available. For MELSEC Q03 UDECPU all versions, restrict access to the Ethernet Port until a patch is available. For MELSEC Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier, update the firmware to a version later than the one with serial number '22081'. For MELSEC Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, update the firmware to a version later than the one with serial number '22031'. For MELSEC Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, update the firmware to a version later than the one with serial number '22031'. For MELSEC Q 172/173 DCPU all versions, restrict access to the Ethernet Port until a patch is available. For MELSEC Q 172/173 DSCPU all versions, restrict access to the Ethernet Port until a patch is available. For MELSEC Q 170 MCPU all versions, restrict access to the Ethernet Port until a patch is available. For MELSEC Q 170 MSCPU all versions, restrict access to the Ethernet Port until a patch is available. For MELSEC L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions, restrict access to the Ethernet Port until a patch is available.