CVE-2020-5527
Description
MELSOFT transmission port (UDP/IP) in multiple Mitsubishi Electric PLC series is vulnerable to denial-of-service via massive data, causing resource exhaustion.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The MELSOFT transmission port (UDP/IP) on Ethernet-equipped Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and F series (all versions) contains an uncontrolled resource consumption vulnerability (CWE-400). When the port receives a massive amount of data via unspecified vectors, resource consumption occurs and the port fails to process data properly, leading to a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. [1]
Exploitation
An attacker can trigger the vulnerability by sending a large volume of UDP/IP data to the MELSOFT transmission port. No authentication or special network position is required beyond network access to the target device. The attack does not require user interaction. [1]
Impact
Successful exploitation causes the MELSOFT transmission port to become unresponsive, preventing clients from communicating with it. Additionally, other devices using different communication ports may become unable to connect to the affected port. The sequential control functions are not affected, and the DoS condition is temporary; once the attack ceases, communication functions resume normal behavior. [1]
Mitigation
The developer has stated that there is no plan to provide updates or patches for this vulnerability. As a workaround, users should set up a firewall and restrict access to the MELSOFT transmission port to trusted networks only. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: all versions
- Range: all versions
- Mitsubishi Electric Corporation/MELSOFT transmission port (UDP/IP) of multiple Mitsubishi Electric MELSEC series. Range: MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions)
Patches
No patches discovered yet.
References
- jvn.jp/en/vu/JVNVU91553662/index.html (mitre, x_refsource_MISC)
- www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf (mitre, x_refsource_MISC)