CVE-2020-5653

Name of the Vulnerable Software and Affected Versions MELSEC iQ-R series versions with the following modules: RJ71EIP91 EtherNet/IP Network Interface Module with serial number starting '02' or before RJ71PN92 PROFINET IO Controller Module with serial number starting '01' or before RD81DL96 High Speed Data Logger Module with serial number starting '08' or before RD81MES96N MES Interface Module with serial number starting '04' or before RD81OPC96 OPC UA Server Module with serial number starting '04' or before

Description A buffer overflow issue in the TCP/IP function of the firmware allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Recommendations For RJ71EIP91 EtherNet/IP Network Interface Module with serial number starting '02' or before, consider disabling the network functions until a patch is available. For RJ71PN92 PROFINET IO Controller Module with serial number starting '01' or before, restrict access to the module to minimize the risk of exploitation. For RD81DL96 High Speed Data Logger Module with serial number starting '08' or before, avoid using the module for critical operations until the issue is resolved. For RD81MES96N MES Interface Module with serial number starting '04' or before, consider implementing additional security measures to prevent malicious packet transmissions. For RD81OPC96 OPC UA Server Module with serial number starting '04' or before, restrict access to the module and monitor network activity for signs of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.