Common Weakness Enumeration

CWE-190

Allowed

Integer Overflow or Wraparound

Abstraction: Base · Status: Stable

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

3869 vulnerabilities reference this CWE, most recent first.

CVE-2024-4453 (GCVE-0-2024-4453)

Vulnerability from cvelistv5 – Published: 2024-05-22 19:18 – Updated: 2025-02-13 17:53
VLAI
Title
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability
Summary
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
zdi
Impacted products
Vendor Product Version
GStreamer GStreamer Affected: fc0ef6ede6ceda8c89326b38899d4944a8091f40 and 1.24.0
Create a notification for this product.
Date Public
2024-05-17 23:23
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4453",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T15:47:50.864899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:53:44.604Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:40:47.129Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-24-467",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-467/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "GStreamer",
          "vendor": "GStreamer",
          "versions": [
            {
              "status": "affected",
              "version": "fc0ef6ede6ceda8c89326b38899d4944a8091f40 and 1.24.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-05-02T23:34:53.502Z",
      "datePublic": "2024-05-17T23:23:20.302Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-23896."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:14:07.113Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-467",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-467/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html"
        }
      ],
      "source": {
        "lang": "en",
        "value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
      },
      "title": "GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-4453",
    "datePublished": "2024-05-22T19:18:02.927Z",
    "dateReserved": "2024-05-02T23:34:53.526Z",
    "dateUpdated": "2025-02-13T17:53:35.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3757 (GCVE-0-2024-3757)

Vulnerability from cvelistv5 – Published: 2024-05-07 06:27 – Updated: 2024-08-01 20:20
VLAI
Title
Arkcompiler runtime has an integer overflow vulnerability
Summary
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
OpenHarmony OpenHarmony Affected: v4.0.0 , < v4.0.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T14:46:05.320746Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:32:26.834Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:20:01.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenHarmony",
          "vendor": "OpenHarmony",
          "versions": [
            {
              "lessThan": "v4.0.1",
              "status": "affected",
              "version": "v4.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow."
            }
          ],
          "value": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-07T06:27:07.124Z",
        "orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
        "shortName": "OpenHarmony"
      },
      "references": [
        {
          "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Arkcompiler runtime has an integer  overflow vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
    "assignerShortName": "OpenHarmony",
    "cveId": "CVE-2024-3757",
    "datePublished": "2024-05-07T06:27:07.124Z",
    "dateReserved": "2024-04-13T06:30:04.973Z",
    "dateUpdated": "2024-08-01T20:20:01.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3077 (GCVE-0-2024-3077)

Vulnerability from cvelistv5 – Published: 2024-03-29 05:06 – Updated: 2024-08-01 19:32
VLAI
Title
Bluetooth: integer underflow in gatt_find_info_rsp
Summary
An malicious BLE device can crash BLE victim device by sending malformed gatt packet
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
zephyrproject-rtos Zephyr Affected: * , ≤ 3.6 (git)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3077",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-01T18:40:47.514480Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:31:38.524Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gmfv-4vfh-2mh8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Zephyr",
          "product": "Zephyr",
          "repo": "https://github.com/zephyrproject-rtos/zephyr",
          "vendor": "zephyrproject-rtos",
          "versions": [
            {
              "lessThanOrEqual": "3.6",
              "status": "affected",
              "version": "*",
              "versionType": "git"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An malicious BLE device can crash BLE victim device by sending malformed gatt packet"
            }
          ],
          "value": "An malicious BLE device can crash BLE victim device by sending malformed gatt packet"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126: Buffer Ovead",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-29T05:06:18.378Z",
        "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
        "shortName": "zephyr"
      },
      "references": [
        {
          "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gmfv-4vfh-2mh8"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Bluetooth: integer underflow in gatt_find_info_rsp",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
    "assignerShortName": "zephyr",
    "cveId": "CVE-2024-3077",
    "datePublished": "2024-03-29T05:06:18.378Z",
    "dateReserved": "2024-03-29T04:45:26.918Z",
    "dateUpdated": "2024-08-01T19:32:42.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2452 (GCVE-0-2024-2452)

Vulnerability from cvelistv5 – Published: 2024-03-26 15:43 – Updated: 2025-02-13 17:40
VLAI
Title
Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc()
Summary
In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
Eclipse Foundation ThreadX Affected: 0 , < 6.4.0 (semver)
Create a notification for this product.
Credits
Marco Ivaldi
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2452",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T20:51:41.137794Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T20:51:50.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:11:53.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/May/35"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/28/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "NetX Duo",
          "product": "ThreadX",
          "repo": "https://github.com/eclipse-threadx/netxduo/",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThan": "6.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marco Ivaldi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eIn Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control \nparameters of __portable_aligned_alloc() could cause an integer \nwrap-around and an allocation smaller than expected. This could cause \nsubsequent heap buffer overflows.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control \nparameters of __portable_aligned_alloc() could cause an integer \nwrap-around and an allocation smaller than expected. This could cause \nsubsequent heap buffer overflows."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T17:13:02.793Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/May/35"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/05/28/1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc()",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-2452",
    "datePublished": "2024-03-26T15:43:36.233Z",
    "dateReserved": "2024-03-14T14:48:55.832Z",
    "dateUpdated": "2025-02-13T17:40:10.101Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2212 (GCVE-0-2024-2212)

Vulnerability from cvelistv5 – Published: 2024-03-26 15:58 – Updated: 2025-02-13 17:33
VLAI
Title
Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()
Summary
In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
Eclipse Foundation ThreadX Affected: 0 , < 6.4.0 (semver)
Create a notification for this product.
eclipse_foundation threadx Affected: 0 , < 6.4.0 (semver)
    cpe:2.3:a:eclipse_foundation:threadx:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Marco Ivaldi
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eclipse_foundation:threadx:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "threadx",
            "vendor": "eclipse_foundation",
            "versions": [
              {
                "lessThan": "6.4.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2212",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T18:19:47.657038Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:34:55.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:03:39.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/May/35"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/28/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThreadX",
          "repo": "https://github.com/eclipse-threadx/threadx/",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThan": "6.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marco Ivaldi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eIn Eclipse ThreadX before 6.4.0,  xQueueCreate() and xQueueCreateSet() \nfunctions from the FreeRTOS compatibility API \n(utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing \nparameter checks. This could lead to integer wraparound, \nunder-allocations and heap buffer overflows.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "In Eclipse ThreadX before 6.4.0,  xQueueCreate() and xQueueCreateSet() \nfunctions from the FreeRTOS compatibility API \n(utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing \nparameter checks. This could lead to integer wraparound, \nunder-allocations and heap buffer overflows."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T17:13:00.990Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/May/35"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/05/28/1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-2212",
    "datePublished": "2024-03-26T15:58:27.486Z",
    "dateReserved": "2024-03-06T08:05:57.446Z",
    "dateUpdated": "2025-02-13T17:33:30.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1917 (GCVE-0-2024-1917)

Vulnerability from cvelistv5 – Published: 2024-03-15 00:02 – Updated: 2024-08-27 19:58
VLAI
Summary
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
Vendor Product Version
Mitsubishi Electric Corporation MELSEC-Q Series Q03UDECPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q04UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q06UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q10UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q13UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q20UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q26UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q50UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q100UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q04UDVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q06UDVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q13UDVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q26UDVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q04UDPVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q06UDPVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q13UDPVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q26UDPVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L02CPU Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L06CPU Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L02CPU-P Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L06CPU-P Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU-P Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU-BT Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU-PBT Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
mitsubishielectric melsec_q-q03udecpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q04udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q06udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q10udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q13udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q20udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q26udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q50udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q100udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q03udvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q04udvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q06udvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q13udvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q26udvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q06udpvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q13udpvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q26udpvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric l02cpu-p Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_l06cpu\(-p\) Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishi:melsec_l06cpu\(-p\):-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_l26cpu\(-p\) Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishi:melsec_l26cpu\(-p\):-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_l02cpu-p Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_l06cpu-p Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_l26cpu-p Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric l26cpu-bt Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_l26cpu-pbt Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-03-14 03:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:56:22.476Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU99690199/"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q03udecpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q04udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q06udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q10udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q13udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q20udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q26udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q50udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q100udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q03udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q04udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q06udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q13udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q26udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q06udpvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q13udpvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q26udpvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "l02cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l06cpu\\(-p\\)",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l26cpu\\(-p\\)",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l02cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l06cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l26cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "l26cpu-bt",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l26cpu-pbt",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1917",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-27T19:57:53.325242Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T19:58:12.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q03UDECPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q10UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q20UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q50UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q100UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q03UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L02CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L06CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L02CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L06CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-BT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-PBT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        }
      ],
      "datePublic": "2024-03-14T03:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
            }
          ],
          "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Remote Code Execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-14T00:05:06.682Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU99690199/"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2024-1917",
    "datePublished": "2024-03-15T00:02:39.351Z",
    "dateReserved": "2024-02-27T06:32:47.752Z",
    "dateUpdated": "2024-08-27T19:58:12.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1916 (GCVE-0-2024-1916)

Vulnerability from cvelistv5 – Published: 2024-03-15 00:01 – Updated: 2024-08-27 19:57
VLAI
Summary
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
Vendor Product Version
Mitsubishi Electric Corporation MELSEC-Q Series Q03UDECPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q04UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q06UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q10UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q13UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q20UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q26UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q50UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q100UDEHCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q04UDVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q06UDVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q13UDVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q26UDVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q04UDPVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q06UDPVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q13UDPVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q26UDPVCPU Affected: The first 5 digits of serial No. "26061" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L02CPU Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L06CPU Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L02CPU-P Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L06CPU-P Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU-P Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU-BT Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU-PBT Affected: The first 5 digits of serial No. "26041" and prior
Create a notification for this product.
mitsubishielectric melsec_q-q03udecpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q04udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q06udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q10udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q13udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q20udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q26udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q50udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_q-q100udehcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q03udvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q04udvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q06udvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q13udvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q26udvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q06udpvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q13udpvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_q26udpvcpu Affected: 0 , < xxxxx26061 (custom)
    cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric l02cpu-p Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_l06cpu\(-p\) Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishi:melsec_l06cpu\(-p\):-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishi melsec_l26cpu\(-p\) Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishi:melsec_l26cpu\(-p\):-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_l02cpu-p Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_l06cpu-p Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_l26cpu-p Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric l26cpu-bt Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric melsec_l26cpu-pbt Affected: 0 , < xxxxx26041 (custom)
    cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-03-14 03:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:56:22.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU99690199/"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q03udecpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q04udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q06udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q10udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q13udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q20udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q26udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q50udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q100udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q03udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q04udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q06udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q13udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q26udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q06udpvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q13udpvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q26udpvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "l02cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l06cpu\\(-p\\)",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l26cpu\\(-p\\)",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l02cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l06cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l26cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "l26cpu-bt",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l26cpu-pbt",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1916",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-15T19:08:27.756460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T19:57:29.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q03UDECPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q10UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q20UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q50UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q100UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q03UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L02CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L06CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L02CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L06CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-BT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-PBT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        }
      ],
      "datePublic": "2024-03-14T03:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
            }
          ],
          "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Remote Code Execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-14T00:04:37.000Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU99690199/"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2024-1916",
    "datePublished": "2024-03-15T00:01:39.440Z",
    "dateReserved": "2024-02-27T06:32:44.641Z",
    "dateUpdated": "2024-08-27T19:57:29.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1633 (GCVE-0-2024-1633)

Vulnerability from cvelistv5 – Published: 2024-02-19 16:42 – Updated: 2024-08-01 18:48
VLAI
Title
FIP Header Integer Overflow
Summary
During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integer value, it can result to an integer overflow. An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot. Affected git version from c2f286820471ed276c57e603762bd831873e5a17 until (not 
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
Credits
Tomer.Fichman@cymotive.com
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1633",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T15:25:37.839796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T15:26:06.442Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:48:20.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://asrg.io/security-advisories/CVE-2024-1633/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "arm-trusted-firmware",
          "product": "rcar_gen3_v2.5",
          "repo": "https://github.com/renesas-rcar/arm-trusted-firmware",
          "vendor": "Renesas",
          "versions": [
            {
              "status": "affected",
              "version": "v2.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tomer.Fichman@cymotive.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "During the secure boot, bl2 (the second stage of\nthe bootloader) loops over images defined in the table \u201cbl2_mem_params_descs\u201d.\nFor each image, the bl2 reads the image length and destination from the image\u2019s\ncertificate.\u0026nbsp;Because of the way of reading from the image, which base on\u0026nbsp;32-bit unsigned integer value, it can result to\u0026nbsp;an integer overflow.\u0026nbsp;An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.\u003cbr\u003e\u003cbr\u003e Affected git version from\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ec2f286820471ed276c57e603762bd831873e5a17 until (not\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "During the secure boot, bl2 (the second stage of\nthe bootloader) loops over images defined in the table \u201cbl2_mem_params_descs\u201d.\nFor each image, the bl2 reads the image length and destination from the image\u2019s\ncertificate.\u00a0Because of the way of reading from the image, which base on\u00a032-bit unsigned integer value, it can result to\u00a0an integer overflow.\u00a0An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.\n\n Affected git version from\u00a0c2f286820471ed276c57e603762bd831873e5a17 until (not\u00a0\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-92",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-92 Forced Integer Overflow"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-19T16:43:18.206Z",
        "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "shortName": "ASRG"
      },
      "references": [
        {
          "url": "https://asrg.io/security-advisories/CVE-2024-1633/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "FIP Header Integer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
    "assignerShortName": "ASRG",
    "cveId": "CVE-2024-1633",
    "datePublished": "2024-02-19T16:42:29.949Z",
    "dateReserved": "2024-02-19T16:36:31.290Z",
    "dateUpdated": "2024-08-01T18:48:20.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1580 (GCVE-0-2024-1580)

Vulnerability from cvelistv5 – Published: 2024-02-19 10:34 – Updated: 2025-02-13 17:32
VLAI
Title
Integer overflow in VideoLAN dav1d
Summary
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
VideoLAN dav1d Affected: 0 , < 1.4.0 (custom)
Create a notification for this product.
Date Public
2024-02-15 11:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1580",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T15:24:40.372465Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T15:25:01.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:40:21.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214098"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214097"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214095"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214093"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214096"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214094"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/41"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/36"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/38"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/37"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/40"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/39"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "dav1d",
          "repo": "https://code.videolan.org/videolan/dav1d",
          "vendor": "VideoLAN",
          "versions": [
            {
              "lessThan": "1.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-02-15T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-27T18:05:51.666Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0"
        },
        {
          "url": "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/"
        },
        {
          "url": "https://support.apple.com/kb/HT214098"
        },
        {
          "url": "https://support.apple.com/kb/HT214097"
        },
        {
          "url": "https://support.apple.com/kb/HT214095"
        },
        {
          "url": "https://support.apple.com/kb/HT214093"
        },
        {
          "url": "https://support.apple.com/kb/HT214096"
        },
        {
          "url": "https://support.apple.com/kb/HT214094"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/41"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/36"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/38"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/37"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/40"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/39"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Integer overflow in VideoLAN dav1d",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2024-1580",
    "datePublished": "2024-02-19T10:34:55.113Z",
    "dateReserved": "2024-02-16T12:23:14.335Z",
    "dateUpdated": "2025-02-13T17:32:17.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1305 (GCVE-0-2024-1305)

Vulnerability from cvelistv5 – Published: 2024-07-08 17:27 – Updated: 2024-08-23 03:55
VLAI
Summary
tap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
OpenVPN tap-windows6 Affected: 9.26 or earlier
Create a notification for this product.
OpenVPN OpenVPN-GUI Affected: 2.6.9 and earlier
Create a notification for this product.
openvpn openvpn_gui Affected: 0 , ≤ 2.6.9 (custom)
    cpe:2.3:a:openvpn:openvpn_gui:*:*:*:*:*:*:*:*
Create a notification for this product.
openvpn tap_windows6 Affected: 0 , ≤ 9.26 (custom)
    cpe:2.3:a:openvpn:tap_windows6:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openvpn:openvpn_gui:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openvpn_gui",
            "vendor": "openvpn",
            "versions": [
              {
                "lessThanOrEqual": "2.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:openvpn:tap_windows6:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tap_windows6",
            "vendor": "openvpn",
            "versions": [
              {
                "lessThanOrEqual": "9.26",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-1305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-23T03:55:36.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:33:25.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-1305"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "tap-windows6",
          "vendor": "OpenVPN",
          "versions": [
            {
              "status": "affected",
              "version": "9.26 or earlier"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "tap-windows6"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "OpenVPN-GUI",
          "vendor": "OpenVPN",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.9 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "tap-windows6 driver version 9.26 and earlier does not properly \ncheck the size data of incomming write operations which an attacker can \nuse to overflow memory buffers, resulting in a bug check and potentially\n arbitrary code execution in kernel space"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-08T17:27:44.097Z",
        "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
        "shortName": "OpenVPN"
      },
      "references": [
        {
          "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-1305"
        },
        {
          "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
    "assignerShortName": "OpenVPN",
    "cveId": "CVE-2024-1305",
    "datePublished": "2024-07-08T17:27:44.097Z",
    "dateReserved": "2024-02-07T13:22:25.493Z",
    "dateUpdated": "2024-08-23T03:55:36.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Requirements

Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation MIT-4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-8
Implementation

Strategy: Input Validation

  • Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
  • Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation MIT-36
Implementation
  • Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
  • Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-15
Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Mitigation MIT-26
Implementation

Strategy: Compilation or Build Hardening

Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.

CAPEC-92: Forced Integer Overflow

This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.