7.5 CVE-2021-20609

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "28" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions "16" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
https://nvd.nist.gov/vuln/detail/CVE-2021-20609

Categories

CWE-400 : Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Certain automated dynamic analysis techniques may be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the software within a short time frame. While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find resource exhaustion problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted software in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to handle resource exhaustion may be the cause. Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold. Ensure that protocols have specific limits of scale placed on them. Ensure that all failures in resource allocation place the system into a safe posture. Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190). Go-based workload orchestrator does not limit resource usage with unauthenticated connections, allowing a DoS by flooding the service Resource exhaustion in distributed OS because of "insufficient" IGMP queue management, as exploited in the wild per CISA KEV. Product allows attackers to cause a crash via a large number of connections. Malformed request triggers uncontrolled recursion, leading to stack exhaustion. Chain: memory leak (CWE-404) leads to resource exhaustion. Driver does not use a maximum width when invoking sscanf style functions, causing stack consumption. Large integer value for a length property in an object causes a large amount of memory allocation. Web application firewall consumes excessive memory when an HTTP request contains a large Content-Length value but no POST data. Product allows exhaustion of file descriptors when processing a large number of TCP packets. Communication product allows memory consumption with a large number of SIP requests, which cause many sessions to be created. TCP implementation allows attackers to consume CPU and prevent new connections using a TCP SYN flood attack. Port scan triggers CPU consumption with processes that attempt to read data from closed sockets. Product allows attackers to cause a denial of service via a large number of directives, each of which opens a separate window. Product allows resource exhaustion via a large number of calls that do not complete a 3-way handshake. Mail server does not properly handle deeply nested multipart MIME messages, leading to stack exhaustion. Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.

References

MISC

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf Vendor Advisory
https://jvn.jp/vu/JVNVU94434051/index.html Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02 Third Party Advisory US Government Resource

CPE

cpe	start	end
Configuration 1
cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware::::::::		<= 24
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r00_cpu:-:::::::*
Configuration 2
cpe:2.3:o:mitsubishi:melsec_iq-r_r01_cpu_firmware::::::::		<= 24
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r01_cpu:-:::::::*
Configuration 3
cpe:2.3:o:mitsubishi:melsec_iq-r_r02_cpu_firmware::::::::		<= 24
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r02_cpu:-:::::::*
Configuration 4
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_cpu_firmware::::::::		<= 57
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_cpu:-:::::::*
Configuration 5
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware::::::::		<= 57
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu:-:::::::*
Configuration 6
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware::::::::		<= 57
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:::::::*
Configuration 7
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware::::::::		<= 57
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:::::::*
Configuration 8
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware::::::::		<= 57
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:::::::*
Configuration 9
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_pcpu_firmware::::::::		<= 29
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_pcpu:-:::::::*
Configuration 10
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_pcpu_firmware::::::::		<= 29
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_pcpu:-:::::::*
Configuration 11
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_pcpu_firmware::::::::		<= 29
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_pcpu:-:::::::*
Configuration 12
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_pcpu_firmware::::::::		<= 29
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_pcpu:-:::::::*
Configuration 13
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_pcpu_firmware::::::::		<= 29
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_pcpu:-:::::::*
Configuration 14
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_sfcpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_sfcpu:-:::::::*
Configuration 15
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_sfcpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_sfcpu:-:::::::*
Configuration 16
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_sfcpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_sfcpu:-:::::::*
Configuration 17
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_sfcpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_sfcpu:-:::::::*
Configuration 18
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_mtcpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_mtcpu:-:::::::*
Configuration 19
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_mtcpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_mtcpu:-:::::::*
Configuration 20
cpe:2.3:o:mitsubishi:melsec_iq-r_r64_mtcpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r64_mtcpu:-:::::::*
Configuration 21
cpe:2.3:o:mitsubishi:melsec_iq-r_r12_ccpu-v_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r12_ccpu-v:-:::::::*
Configuration 22
cpe:2.3:o:mitsubishi:melsec_q03udecpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q03udecpu:-:::::::*
Configuration 23
cpe:2.3:o:mitsubishi:melsec_q04udecpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q04udecpu:-:::::::*
Configuration 24
cpe:2.3:o:mitsubishi:melsec_q06udecpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q06udecpu:-:::::::*
Configuration 25
cpe:2.3:o:mitsubishi:melsec_q10udecpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q10udecpu:-:::::::*
Configuration 26
cpe:2.3:o:mitsubishi:melsec_q13udecpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q13udecpu:-:::::::*
Configuration 27
cpe:2.3:o:mitsubishi:melsec_q20udecpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q20udecpu:-:::::::*
Configuration 28
cpe:2.3:o:mitsubishi:melsec_q26udecpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q26udecpu:-:::::::*
Configuration 29
cpe:2.3:o:mitsubishi:melsec_q50udecpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q50udecpu:-:::::::*
Configuration 30
cpe:2.3:o:mitsubishi:melsec_q100udecpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q100udecpu:-:::::::*
Configuration 31
cpe:2.3:o:mitsubishi:melsec_q03udvcpu_firmware:-:::::::*
Running on/with
cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:::::::*
Configuration 32
cpe:2.3:o:mitsubishi:melsec_q04udvcpu_firmware:-:::::::*
Running on/with
cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:::::::*
Configuration 33
cpe:2.3:o:mitsubishi:melsec_q06udvcpu_firmware:-:::::::*
Running on/with
cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:::::::*
Configuration 34
cpe:2.3:o:mitsubishi:melsec_q13udvcpu_firmware:-:::::::*
Running on/with
cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:::::::*
Configuration 35
cpe:2.3:o:mitsubishi:melsec_q26udvcpu_firmware:-:::::::*
Running on/with
cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:::::::*
Configuration 36
cpe:2.3:o:mitsubishi:melsec_q04udpvcpu_firmware:-:::::::*
Running on/with
cpe:2.3:h:mitsubishi:melsec_q04udpvcpu:-:::::::*
Configuration 37
cpe:2.3:o:mitsubishi:melsec_q06udpvcpu_firmware:-:::::::*
Running on/with
cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:::::::*
Configuration 38
cpe:2.3:o:mitsubishi:melsec_q13udpvcpu_firmware:-:::::::*
Running on/with
cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:::::::*
Configuration 39
cpe:2.3:o:mitsubishi:melsec_q26udpvcpu_firmware:-:::::::*
Running on/with
cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:::::::*
Configuration 40
cpe:2.3:o:mitsubishi:melsec_q12dccpu-v_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q12dccpu-v:-:::::::*
Configuration 41
cpe:2.3:o:mitsubishi:melsec_q24dhccpu-v(g)_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q24dhccpu-v(g):-:::::::*
Configuration 42
cpe:2.3:o:mitsubishi:melsec_q24dhccpu-ls_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q24dhccpu-ls:-:::::::*
Configuration 43
cpe:2.3:o:mitsubishi:melsec_q26dhccpu-ls_firmware:-:::::::*
Running on/with
cpe:2.3:h:mitsubishi:melsec_q26dhccpu-ls:-:::::::*
Configuration 44
cpe:2.3:o:mitsubishi:melsec_mr-mq100_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_mr-mq100:-:::::::*
Configuration 45
cpe:2.3:o:mitsubishi:melsec_q172dcpu-s1_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q172dcpu-s1:-:::::::*
Configuration 46
cpe:2.3:o:mitsubishi:melsec_q173dcpu-s1_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q173dcpu-s1:-:::::::*
Configuration 47
cpe:2.3:o:mitsubishi:melsec_q172dscpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q172dscpu:-:::::::*
Configuration 48
cpe:2.3:o:mitsubishi:melsec_q173dscpu_firmware:-:::::::*
Running on/with
cpe:2.3:h:mitsubishi:melsec_q173dscpu:-:::::::*
Configuration 49
cpe:2.3:o:mitsubishi:melsec_q170mscpu(-s1)_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q170mscpu(-s1):-:::::::*
Configuration 50
cpe:2.3:o:mitsubishi:melsec_q170mcpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_q170mcpu:-:::::::*
Configuration 51
cpe:2.3:o:mitsubishi:melipc_mi5122-vw_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melipc_mi5122-vw:-:::::::*
Configuration 52
cpe:2.3:o:mitsubishi:melsec_l26cpu-(p)bt_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_l26cpu-(p)bt:-:::::::*
Configuration 53
cpe:2.3:o:mitsubishi:melsec_l26cpu(-p)_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_l26cpu(-p):-:::::::*
Configuration 54
cpe:2.3:o:mitsubishi:melsec_l06cpu(-p)_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_l06cpu(-p):-:::::::*
Configuration 55
cpe:2.3:o:mitsubishi:melsec_l02cpu(-p)_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_l02cpu(-p):-:::::::*
Configuration 56
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu::::::::
Configuration 57
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:::::::*
Configuration 58
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:::::::*
Configuration 59
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware::::::::
Running on/with
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:::::::*

Exploits

Exploit-db.com

id	description	date
No known exploits

Other (github, ...)

Url
No known exploits

CAPEC

id	description	severity
492	Regular Expression Exponential Blowup An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.
147	XML Ping of the Death An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target. [Survey the target] Using a browser or an automated tool, an attacker records all instance of web services to process XML requests. [Launch a resource depletion attack] The attacker delivers a large number of small XML messages to the target URLs found in the explore phase at a sufficiently rapid rate. It causes denial of service to the target application.	Medium

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution