CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.8 | $0-$5k | 0.00 |
A vulnerability was found in Mitsubishi Electric QJ71MES96, QJ71WS96, Q06CCPU-V, Q24DHCCPU-V, Q24DHCCPU-VG, R12CCPU-V, RD55UP06-V, RD55UP12-V, RJ71GN11-T2, RJ71EN71, QJ71E71-100, LJ71E71-100, QJ71MT91, RD78Gn(n=4, 8, 16, 32, 64), RD78GHV, RD78GHW, NZ2GACP620-60, NZ2GACP620-300, NZ2FT-MT, NZ2FT-EIP, Q03UDECPU and QnUDEHCPU. It has been declared as critical. The affected component is unknown. Manipulation with an unknown input leads to a predictable value vulnerability, classified as CWE-342: an exact value or random number can be precisely predicted by observing previous values. The impact is known to affect confidentiality, integrity, and availability.
The weakness was published on 09/01/2020 by Ta-Lun Yen as ICSA-20-245-01 (Website). The advisory is shared at us-cert.cisa.gov. The public release was coordinated with Mitsubishi Electric. The vulnerability is tracked as CVE-2020-16226. The attack can be launched remotely, and exploitation does not require any form of authentication. Neither technical details nor an exploit are publicly available. The MITRE ATT&CK project uses the attack technique T1600.001 for this issue.
Upgrading eliminates this vulnerability.
Product
Vendor
Name
- LJ71E71-100
- NZ2FT-EIP
- NZ2FT-MT
- NZ2GACP620-60
- NZ2GACP620-300
- Q03UDECPU
- Q06CCPU-V
- Q24DHCCPU-V
- Q24DHCCPU-VG
- QJ71E71-100
- QJ71MES96
- QJ71MT91
- QJ71WS96
- QnUDEHCPU
- R12CCPU-V
- RD55UP06-V
- RD55UP12-V
- RD78GHV
- RD78GHW
- RD78Gn(n=4, 8, 16, 32, 64)
- RJ71EN71
- RJ71GN11-T2
CVSSv3
VulDB Meta Base Score: 8.1
VulDB Meta Temp Score: 8.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
Researcher Base Score: 7.3
NVD Base Score: 9.8
Exploiting
Class: Predictable value
CWE: CWE-342 / CWE-341 / CWE-200
ATT&CK: T1600.001
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommended: Upgrade
Timeline
07/31/2020
09/01/2020
09/08/2020
11/12/2020
Sources
Advisory: ICSA-20-245-01
Researcher: Ta-Lun Yen
Status: Confirmed
CVE: CVE-2020-16226
Entry
Created: 09/08/2020 12:29
Updated: 11/12/2020 20:27
Changes: 09/08/2020 12:29 (48), 09/08/2020 12:34 (1), 11/11/2020 08:17 (3), 11/12/2020 20:23 (2), 11/12/2020 20:27 (8)