PT-2020-18633 · Mitsubishi · Melsec Iq-R Series

Published: 2020-11-20 · Updated: 2022-04-29 · CVE-2020-5668

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

MELSEC iQ-R Series modules versions '19' and earlier (R00/01/02CPU firmware)
MELSEC iQ-R Series modules versions '51' and earlier (R04/08/16/32/120 (EN) CPU firmware)
MELSEC iQ-R Series modules versions '22' and earlier (R08/16/32/120SFCPU firmware)
MELSEC iQ-R Series modules all versions (R08/16/32/120PCPU firmware)
MELSEC iQ-R Series modules all versions (R08/16/32/120PSFCPU firmware)
MELSEC iQ-R Series modules versions '47' and earlier (RJ71EN71 firmware)
MELSEC iQ-R Series modules versions '47' and earlier (RJ71GF11-T2 firmware)
MELSEC iQ-R Series modules versions '07' and earlier (RJ72GF15-T2 firmware)
MELSEC iQ-R Series modules versions '47' and earlier (RJ71GP21-SX firmware)
MELSEC iQ-R Series modules versions '47' and earlier (RJ71GP21S-SX firmware)
MELSEC iQ-R Series modules all versions (RJ71C24 (-R2/R4) firmware)
MELSEC iQ-R Series modules all versions (RJ71GN11-T2 firmware)

Description

The issue is an uncontrolled resource consumption vulnerability. When a module receives a specially crafted SLMP packet, a remote unauthenticated attacker can cause an error in a CPU unit, resulting in a denial-of-service (DoS) condition in program execution and its communication, or cause a DoS condition in communication via the module.

Recommendations

As a temporary workaround, consider disabling the reception of SLMP packets until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the vulnerable firmware versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2020-5668

Affected Products

Melsec Iq-R Series