Search
Find a vulnerability
Search criteria
2 vulnerabilities found for electric_fr_configurator2_firmware by mitsubishielectric
CVE-2019-10976 (GCVE-0-2019-10976)
Vulnerability from nvd – Published: 2019-07-25 23:27 – Updated: 2024-08-04 22:40
VLAI
EPSS
VEX
Summary
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files.
Severity
No CVSS data available.
CWE
- CWE-611 - IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-204-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric | Mitsubishi Electric FR Configurator2 |
Affected:
Version 1.16S and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mitsubishi Electric FR Configurator2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Version 1.16S and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-25T23:27:48.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric FR Configurator2",
"version": {
"version_data": [
{
"version_value": "Version 1.16S and prior"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10976",
"datePublished": "2019-07-25T23:27:48.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10976 (GCVE-0-2019-10976)
Vulnerability from cvelistv5 – Published: 2019-07-25 23:27 – Updated: 2024-08-04 22:40
VLAI
EPSS
VEX
Summary
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files.
Severity
No CVSS data available.
CWE
- CWE-611 - IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-204-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric | Mitsubishi Electric FR Configurator2 |
Affected:
Version 1.16S and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mitsubishi Electric FR Configurator2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Version 1.16S and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-25T23:27:48.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric FR Configurator2",
"version": {
"version_data": [
{
"version_value": "Version 1.16S and prior"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10976",
"datePublished": "2019-07-25T23:27:48.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}