PT-2020-18622 · Mitsubishi · Melsec Iq-R Series

Published 2020-10-30 · Updated 2020-11-10 · CVE-2020-5655

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

MELSEC iQ-R series versions with the following modules and serial numbers:
RJ71EIP91 EtherNet/IP Network Interface Module with serial number starting with '02' or before
RJ71PN92 PROFINET IO Controller Module with serial number starting with '01' or before
RD81DL96 High Speed Data Logger Module with serial number starting with '08' or before
RD81MES96N MES Interface Module with serial number starting with '04' or before
RD81OPC96 OPC UA Server Module with serial number starting with '04' or before

Description

A NULL pointer dereference issue exists in the TCP/IP function of the firmware, allowing a remote unauthenticated attacker to send a specially crafted packet and stop the network functions of the products.

Recommendations

For RJ71EIP91 EtherNet/IP Network Interface Module with serial number starting with '02' or before, consider disabling the network functions until a patch is available.
For RJ71PN92 PROFINET IO Controller Module with serial number starting with '01' or before, restrict access to the module to minimize the risk of exploitation.
For RD81DL96 High Speed Data Logger Module with serial number starting with '08' or before, avoid using the module for critical operations until the issue is resolved.
For RD81MES96N MES Interface Module with serial number starting with '04' or before, consider implementing additional security measures to prevent unauthorized access.
For RD81OPC96 OPC UA Server Module with serial number starting with '04' or before, restrict access to the module to minimize the risk of exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

CVE-2020-5655

Affected Products

Melsec Iq-R Series