{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-20594","assignerOrgId":"e0f77b61-78fd-4786-b3fb-1ee347a748ad","assignerShortName":"Mitsubishi","dateUpdated":"2024-08-03T17:45:44.726Z","dateReserved":"2020-12-17T00:00:00.000Z","datePublished":"2021-08-06T00:00:00.000Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU","vendor":"n/a","versions":[{"status":"affected","version":"Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions \"26\" and prior"},{"status":"affected","version":"Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions \"11\" and prior"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions \"26\" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions \"11\" and prior allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names.</p>"}],"value":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions \"26\" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions \"11\" and prior allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names."}],"problemTypes":[{"descriptions":[{"description":"Exposure of Sensitive Information to an Unauthorized Actor","lang":"en"}]}],"providerMetadata":{"orgId":"e0f77b61-78fd-4786-b3fb-1ee347a748ad","shortName":"Mitsubishi","dateUpdated":"2024-05-24T07:53:21.422Z"},"references":[{"url":"https://jvn.jp/vu/JVNVU98578731/index.html"},{"url":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-008_en.pdf"},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T17:45:44.726Z"},"title":"CVE Program Container","references":[{"url":"https://jvn.jp/vu/JVNVU98578731/index.html","tags":["x_transferred"]},{"url":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-008_en.pdf","tags":["x_transferred"]},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01","tags":["x_transferred"]}]}]}}