Search

Find a vulnerability

Search criteria

    1 vulnerability found for MELSEC iQ-R Series C Controller Module by Mitsubishi Electric

    JVNDB-2020-001591

    Vulnerability from jvndb - Published: 2020-02-18 12:10 - Updated:2020-02-18 12:10
    Summary
    Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000
    Details
    MELSEC C Controller Module and MELIPC Series MI5000 provided by Mitsubishi Electric Corporation have multiple vulnerabilities due to the vulnerabilities called "URGENT/11" in TCP/IP function (IPnet) of VxWorks, a real-time OS distributed by Wind River. * Q24DHCCPU-V and Q24DHCCPU-VG * Buffer Error (CWE-119) - CVE-2019-12255 * Buffer Error (CWE-119) - CVE-2019-12257 * Session Fixation (CWE-384) - CVE-2019-12258 * NULL Pointer Dereference (CWE-476) - CVE-2019-12259 * Buffer Error (CWE-119) - CVE-2019-12261 * Improper Access Control (CWE-284) - CVE-2019-12262 * Buffer Error (CWE-119) - CVE-2019-12263 * Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88) - CVE-2019-12264 * Improper Management of System Resources (CWE-399) - CVE-2019-12265 * R12CCPU-V and RD55UP06-V * Buffer Error (CWE-119) - CVE-2019-12256 * Session Fixation (CWE-384) - CVE-2019-12258 * NULL Pointer Dereference (CWE-476) - CVE-2019-12259 * Buffer Error (CWE-119) - CVE-2019-12261 * Improper Access Control (CWE-284) - CVE-2019-12262 * Buffer Error (CWE-119) - CVE-2019-12263 * Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88) - CVE-2019-12264 * Improper Management of System Resources (CWE-399) - CVE-2019-12265 * MI5122-VW * Buffer Error (CWE-119) - CVE-2019-12256 * Session Fixation (CWE-384) - CVE-2019-12258 * NULL Pointer Dereference (CWE-476) - CVE-2019-12259 * Buffer Error (CWE-119) - CVE-2019-12260 * Buffer Error (CWE-119) - CVE-2019-12261 * Improper Access Control (CWE-284) - CVE-2019-12262 * Buffer Error (CWE-119) - CVE-2019-12263 * Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88) - CVE-2019-12264 * Improper Management of System Resources (CWE-399) - CVE-2019-12265 For the details, refer to the information provided by the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-001591.html",
      "dc:date": "2020-02-18T12:10+09:00",
      "dcterms:issued": "2020-02-18T12:10+09:00",
      "dcterms:modified": "2020-02-18T12:10+09:00",
      "description": "MELSEC C Controller Module and MELIPC Series MI5000 provided by Mitsubishi Electric Corporation have multiple vulnerabilities due to the vulnerabilities called \"URGENT/11\" in TCP/IP function (IPnet) of VxWorks, a real-time OS distributed by Wind River.\r\n\r\n  * Q24DHCCPU-V and Q24DHCCPU-VG\r\n      * Buffer Error (CWE-119) - CVE-2019-12255\r\n      * Buffer Error (CWE-119) - CVE-2019-12257\r\n      * Session Fixation (CWE-384) - CVE-2019-12258\r\n      * NULL Pointer Dereference (CWE-476) - CVE-2019-12259\r\n      * Buffer Error (CWE-119) - CVE-2019-12261\r\n      * Improper Access Control (CWE-284) - CVE-2019-12262\r\n      * Buffer Error (CWE-119) - CVE-2019-12263\r\n      * Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) (CWE-88) - CVE-2019-12264\r\n      * Improper Management of System Resources (CWE-399) - CVE-2019-12265\r\n\r\n  * R12CCPU-V and RD55UP06-V\r\n      * Buffer Error (CWE-119) - CVE-2019-12256\r\n      * Session Fixation (CWE-384) - CVE-2019-12258\r\n      * NULL Pointer Dereference (CWE-476) - CVE-2019-12259\r\n      * Buffer Error (CWE-119) - CVE-2019-12261\r\n      * Improper Access Control (CWE-284) - CVE-2019-12262\r\n      * Buffer Error (CWE-119) - CVE-2019-12263\r\n      * Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) (CWE-88) - CVE-2019-12264\r\n      * Improper Management of System Resources (CWE-399) - CVE-2019-12265\r\n\r\n  * MI5122-VW\r\n      * Buffer Error (CWE-119) - CVE-2019-12256\r\n      * Session Fixation (CWE-384) - CVE-2019-12258\r\n      * NULL Pointer Dereference (CWE-476) - CVE-2019-12259\r\n      * Buffer Error (CWE-119) - CVE-2019-12260\r\n      * Buffer Error (CWE-119) - CVE-2019-12261\r\n      * Improper Access Control (CWE-284) - CVE-2019-12262\r\n      * Buffer Error (CWE-119) - CVE-2019-12263\r\n      * Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) (CWE-88) - CVE-2019-12264\r\n      * Improper Management of System Resources (CWE-399) - CVE-2019-12265\r\n\r\nFor the details, refer to the information provided by the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-001591.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:mitsubishielectric:melipc_series_mi5000",
          "@product": "MELIPC Series MI5000",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mitsubishielectric:melsec-q_series_c_controller_module",
          "@product": "MELSEC-Q Series C Controller Module",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mitsubishielectric:melsec_iq-r_series_c_controller_module",
          "@product": "MELSEC iQ-R Series C Controller Module",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mitsubishielectric:melsec_iq-r_series_c_intelligent_function_module",
          "@product": "MELSEC iQ-R Series C Intelligent Function Module",
          "@vendor": "Mitsubishi Electric",
          "@version": "2.2"
        }
      ],
      "sec:identifier": "JVNDB-2020-001591",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU95424547/index.html",
          "@id": "JVNVU#95424547",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5531",
          "@id": "CVE-2020-5531",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5531",
          "@id": "CVE-2020-5531",
          "@source": "NVD"
        },
        {
          "#text": "https://www.us-cert.gov/ics/advisories/icsa-19-274-01",
          "@id": "ICSA-19-274-01",
          "@source": "ICS-CERT ADVISORY"
        },
        {
          "#text": "https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/",
          "@id": "TCP/IP Network Stack (IPnet, Urgent/11)",
          "@source": "Related document"
        }
      ],
      "title": "Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000"
    }