CVE-2021-20586 - Vulnerability Details

Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.02014.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Robot Controller MELFA FR Series; Robot Controller CR Series; Cooperative Robot ASSISTA

affected

Version	Status	Constraints
Controller "CR800-VD" of RV-FR*-D- all versions, Controller "CR800-HD" of RH-FRH**-D- all versions, Controller "CR800-HRD" of RH-FRHR**-D- all versions, Controller "CR800-VR with R16RTCPU" of RV-FR*-R- all versions, Controller "CR800-HR with R16RTCPU" of RH-FRH**-R- all versions, Controller "CR800-HRR with R16RTCPU" of RH-FRHR**-R- all versions, Controller "CR800-VQ with Q172DSRCPU" of RV-FR*-Q- all versions, Controller "CR800-HQ with Q172DSRCPU" of RH-FRH**-Q- all versions, Controller "CR800-HRQ with Q172DSRCPU" of RH-FRHR**-Q- all versions	affected	—
`Controller "CR800-CVD" of RV-8CRL-D-* all versions, Controller "CR800-CHD" of RH-CRH-D- all versions`	affected	—
`Controller "CR800-05VD" of RV-5AS-D-* all versions`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:mitsubishielectric:rv2fr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv2fr:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishielectric:rv2frl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv2frl:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitsubishielectric:rv4fr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv4fr:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mitsubishielectric:rv4frl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv4frl:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mitsubishielectric:rv7fr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv7fr:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mitsubishielectric:rv7frl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv7frl:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mitsubishielectric:rv7frll_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv7frll:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mitsubishielectric:rv13fr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv13fr:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:mitsubishielectric:rv13frl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv13frl:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:mitsubishielectric:rv20fr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv20fr:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:mitsubishielectric:rh1frhr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh1frhr:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:mitsubishielectric:rh3frhr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh3frhr:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:mitsubishielectric:rh3frh35_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh3frh35:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:mitsubishielectric:rh3frh45_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh3frh45:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:mitsubishielectric:rh3frh55_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh3frh55:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:mitsubishielectric:rh6frh35_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh6frh35:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:mitsubishielectric:rh6frh45_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh6frh45:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:mitsubishielectric:rh6frh55_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh6frh55:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:mitsubishielectric:rh12frh55_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh12frh55:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:mitsubishielectric:rh12rfh70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh12rfh70:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:mitsubishielectric:rh12frh85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh12frh85:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:mitsubishielectric:rh20frh85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh20frh85:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:mitsubishielectric:rh20frh100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rh20frh100:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:mitsubishielectric:rv2fr\(b\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv2fr\(b\):-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:mitsubishielectric:rv2frl\(b\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv2frl\(b\):-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:mitsubishielectric:rv4frm\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv4frm\/c:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:mitsubishielectric:rv4frlm\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv4frlm\/c:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:mitsubishielectric:rv7frm\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv7frm\/c:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:mitsubishielectric:rv7frlm\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv7frlm\/c:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:mitsubishielectric:rv7frllm\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv7frllm\/c:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:mitsubishielectric:rv13frm\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv13frm\/c:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:mitsubishielectric:rv13frlm\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv13frlm\/c:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:mitsubishielectric:rv20frm\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rv20frm\/c:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Mitsubishielectric Subscribe	Rh12frh55 Subscribe Rh12frh55 Firmware Subscribe Rh12frh85 Subscribe Rh12frh85 Firmware Subscribe Rh12rfh70 Subscribe Rh12rfh70 Firmware Subscribe Rh1frhr Subscribe Rh1frhr Firmware Subscribe Rh20frh100 Subscribe Rh20frh100 Firmware Subscribe Rh20frh85 Subscribe Rh20frh85 Firmware Subscribe Rh3frh35 Subscribe Rh3frh35 Firmware Subscribe Rh3frh45 Subscribe Rh3frh45 Firmware Subscribe Rh3frh55 Subscribe Rh3frh55 Firmware Subscribe Rh3frhr Subscribe Rh3frhr Firmware Subscribe Rh6frh35 Subscribe Rh6frh35 Firmware Subscribe Rh6frh45 Subscribe Rh6frh45 Firmware Subscribe Rh6frh55 Subscribe Rh6frh55 Firmware Subscribe Rv13fr Subscribe Rv13fr Firmware Subscribe Rv13frl Subscribe Rv13frl Firmware Subscribe Rv13frlm\/c Subscribe Rv13frlm\/c Firmware Subscribe Rv13frm\/c Subscribe Rv13frm\/c Firmware Subscribe Rv20fr Subscribe Rv20fr Firmware Subscribe Rv20frm\/c Subscribe Rv20frm\/c Firmware Subscribe Rv2fr Subscribe Rv2fr\(b\) Subscribe Rv2fr\(b\) Firmware Subscribe Rv2fr Firmware Subscribe Rv2frl Subscribe Rv2frl\(b\) Subscribe Rv2frl\(b\) Firmware Subscribe Rv2frl Firmware Subscribe Rv4fr Subscribe Rv4fr Firmware Subscribe Rv4frl Subscribe Rv4frl Firmware Subscribe Rv4frlm\/c Subscribe Rv4frlm\/c Firmware Subscribe Rv4frm\/c Subscribe Rv4frm\/c Firmware Subscribe Rv7fr Subscribe Rv7fr Firmware Subscribe Rv7frl Subscribe Rv7frl Firmware Subscribe Rv7frll Subscribe Rv7frll Firmware Subscribe Rv7frllm\/c Subscribe Rv7frllm\/c Firmware Subscribe Rv7frlm\/c Subscribe Rv7frlm\/c Firmware Subscribe Rv7frm\/c Subscribe Rv7frm\/c Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2021-8004	Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-VD" of RV-FR*-D- all versions, controller "CR800-HD" of RH-FRH**-D- all versions, controller "CR800-HRD" of RH-FRHR**-D- all versions, controller "CR800-VR with R16RTCPU" of RV-FR*-R- all versions, controller "CR800-HR with R16RTCPU" of RH-FRH**-R- all versions, controller "CR800-HRR with R16RTCPU" of RH-FRHR**-R- all versions, controller "CR800-VQ with Q172DSRCPU" of RV-FR*-Q- all versions, controller "CR800-HQ with Q172DSRCPU" of RH-FRH**-Q- all versions, controller "CR800-HRQ with Q172DSRCPU" of RH-FRHR**-Q- all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-CRH-D- all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-019_en.pdf

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2021-01-29T14:54:32

Updated: 2024-08-03T17:45:44.779Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20586

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-29T15:15:12.833

Modified: 2024-11-21T05:46:49.483

Link: CVE-2021-20586

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object