CVE-2020-5656

Name of the Vulnerable Software and Affected Versions MELSEC iQ-R series versions with the following modules: RJ71EIP91 EtherNet/IP Network Interface Module with serial number starting with '02' or before RJ71PN92 PROFINET IO Controller Module with serial number starting with '01' or before RD81DL96 High Speed Data Logger Module with serial number starting with '08' or before RD81MES96N MES Interface Module with serial number starting with '04' or before RD81OPC96 OPC UA Server Module with serial number starting with '04' or before

Description The issue is related to improper access control in the TCP/IP function of the affected modules, allowing a remote unauthenticated attacker to send a specially crafted packet. This can lead to the network functions of the products being stopped or the execution of a malicious program.

Recommendations For RJ71EIP91 EtherNet/IP Network Interface Module with serial number starting with '02' or before, consider restricting access to the module until a fix is available. For RJ71PN92 PROFINET IO Controller Module with serial number starting with '01' or before, restrict network access to the module to minimize the risk of exploitation. For RD81DL96 High Speed Data Logger Module with serial number starting with '08' or before, avoid using the module in a networked environment until the issue is resolved. For RD81MES96N MES Interface Module with serial number starting with '04' or before, and RD81OPC96 OPC UA Server Module with serial number starting with '04' or before, limit the use of these modules in sensitive networks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.