Unrated severityNVD Advisory· Published Mar 16, 2020· Updated Aug 4, 2024

CVE-2020-5544

Description

Null pointer dereference in TCP function of Mitsubishi MELQIC IU1 series firmware allows remote attackers to cause denial of service or execute malware.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Null pointer dereference in TCP function of Mitsubishi MELQIC IU1 series firmware allows remote attackers to cause denial of service or execute malware.

Vulnerability

A null pointer dereference vulnerability exists in the TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier. This vulnerability can be triggered without any special configuration or authentication.

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted packet to the target device over the network. No prior authentication or user interaction is required. The attacker only needs network access to the device.

Impact

Successful exploitation can lead to a denial of service by stopping the network functions of the device, or it may allow the attacker to execute malware on the device, potentially leading to full compromise.

Mitigation

Mitsubishi Electric has released firmware version 1.08 or later to fix this vulnerability. The update should be applied using IU Configuration Tool version 1.04 or later. As a workaround, restricting network access from untrusted hosts and networks via a firewall can mitigate the risk until the update is applied [1].

References

Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric data collection analyzer MELQIC IU1 series

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Mitsubishielectric/MELQIC IU1 seriesllm-fuzzy
Range: <=1.0.7
Mitsubishielectric/Mitsubishi Electric CNC M800V/M80V seriescpe-rescue
Range: IU1-1M20-D firmware version 1.0.7 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

jvn.jp/en/vu/JVNVU92370624/index.htmlmitrex_refsource_MISC
www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000