PT-2021-14059 · Mitsubishi · Assista+2

Published: 2021-01-29 · Updated: 2022-07-12 · CVE-2021-20586

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: MELFA FR Series (all versions), MELFA CR Series (all versions), ASSISTA (all versions)
Description: A resource management error in the robot controllers allows a remote unauthenticated attacker to cause a Denial of Service (DoS) of the robot program execution and the Ethernet communication by sending a large number of packets in a burst over a short period of time. As a result of the DoS, an error may occur, requiring a reset to recover.
Recommendations: For MELFA FR Series, consider implementing rate limiting on incoming packets to prevent excessive bursts. For MELFA CR Series, restrict access to the Ethernet communication to minimize the risk of exploitation. For ASSISTA, as a temporary workaround, consider disabling the Ethernet communication until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2021-20586

Affected Products

ASSISTA
MELFA CR Series
MELFA FR Series