CVE-2021-20586
CVE-2021-20586 is a high-severity vulnerability in Mitsubishielectric Rv2fr Firmware with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- CVSS v2: 7.8
- EPSS exploit prediction: 3% (84th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Mitsubishielectric Rv2fr Firmware
- Published:
- Last modified:
Description
Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.
Frequently asked questions
- What is CVE-2021-20586?
- Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.
- How severe is CVE-2021-20586?
- CVE-2021-20586 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2021-20586 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (84th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-20586?
- CVE-2021-20586 primarily affects Mitsubishielectric Rv2fr Firmware. In total, 33 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2021-20586?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2021-20586 published?
- CVE-2021-20586 was published on 2021-01-29 and last updated on 2026-06-17.
References
Affected products (33)
- cpe:2.3:o:mitsubishielectric:rv2fr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv2frl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv4fr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv4frl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv7fr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv7frl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv7frll_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv13fr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv13frl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv20fr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh1frhr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh3frhr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh3frh35_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh3frh45_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh3frh55_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh6frh35_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh6frh45_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh6frh55_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh12frh55_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh12rfh70_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh12frh85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh20frh85_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rh20frh100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv2fr\(b\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv2frl\(b\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv4frm\/c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv4frlm\/c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv7frm\/c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv7frlm\/c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv7frllm\/c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv13frm\/c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv13frlm\/c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:rv20frm\/c_firmware:*:*:*:*:*:*:*:*