{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-20599","assignerOrgId":"e0f77b61-78fd-4786-b3fb-1ee347a748ad","assignerShortName":"Mitsubishi","dateUpdated":"2024-08-03T17:45:44.681Z","dateReserved":"2020-12-17T00:00:00.000Z","datePublished":"2021-10-14T00:00:00.000Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"MELSEC iQ-R Series Safety CPU R08SFCPU","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"Firmware versions \"26\" and prior"}]},{"defaultStatus":"unaffected","product":"MELSEC iQ-R series Safety CPU R16SFCPU","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"Firmware versions \"26\" and prior"}]},{"defaultStatus":"unaffected","product":"MELSEC iQ-R series Safety CPU R32SFCPU","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"Firmware versions \"26\" and prior"}]},{"defaultStatus":"unaffected","product":"MELSEC iQ-R series Safety CPU R120SFCPU","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"Firmware versions \"26\" and prior"}]},{"defaultStatus":"unaffected","product":"MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"Firmware versions \"11\" and prior"}]},{"defaultStatus":"unaffected","product":"MELSEC iQ-R series SIL2 Process CPU R16PSFCPU","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"Firmware versions \"11\" and prior"}]},{"defaultStatus":"unaffected","product":"MELSEC iQ-R series SIL2 Process CPU R32PSFCPU","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"Firmware versions \"11\" and prior"}]},{"defaultStatus":"unaffected","product":"MELSEC iQ-R series SIL2 Process CPU R120PSFCPU","vendor":"Mitsubishi Electric Corporation","versions":[{"status":"affected","version":"Firmware versions \"11\" and prior"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \"26\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions \"11\" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password."}],"value":"Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \"26\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions \"11\" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password."}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-319","description":"CWE-319 Cleartext Transmission of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e0f77b61-78fd-4786-b3fb-1ee347a748ad","shortName":"Mitsubishi","dateUpdated":"2024-04-18T05:28:04.068Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf"},{"tags":["government-resource"],"url":"https://jvn.jp/vu/JVNVU98578731"},{"tags":["government-resource"],"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-20599","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-04-22T20:51:10.357119Z"}}}],"affected":[{"cpes":["cpe:2.3:h:mitsubishielectric:melsec_iq-r08sfcpu:-:*:*:*:*:*:*:*"],"vendor":"mitsubishielectric","product":"melsec_iq-r08sfcpu","versions":[{"status":"affected","version":"-"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*"],"vendor":"mitsubishielectric","product":"r16sfcpu","versions":[{"status":"affected","version":"-"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*"],"vendor":"mitsubishielectric","product":"r32sfcpu","versions":[{"status":"affected","version":"-"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*"],"vendor":"mitsubishielectric","product":"r120sfcpu","versions":[{"status":"affected","version":"-"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*"],"vendor":"mitsubishielectric","product":"r08psfcpu","versions":[{"status":"affected","version":"-"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*"],"vendor":"mitsubishielectric","product":"r16psfcpu","versions":[{"status":"affected","version":"-"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*"],"vendor":"mitsubishielectric","product":"r32psfcpu","versions":[{"status":"affected","version":"-"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*"],"vendor":"mitsubishielectric","product":"r120psfcpu","versions":[{"status":"affected","version":"-"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:12:41.515Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T17:45:44.681Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf"},{"tags":["government-resource","x_transferred"],"url":"https://jvn.jp/vu/JVNVU98578731"},{"tags":["government-resource","x_transferred"],"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03"}]}]}}