Search

Find a vulnerability

Search criteria

    90 vulnerabilities by Mitsubishi Electric

    JVNDB-2026-000017

    Vulnerability from jvndb - Published: 2026-02-03 14:57 - Updated:2026-02-05 14:41
    Severity
    Summary
    Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows
    Details
    Mitsubishi small-capacity UPS shutdown software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation contains the following vulnerability.
    • Incorrect default permissions (CWE-276) - CVE-2025-10314
    Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000017.html",
      "dc:date": "2026-02-05T14:41+09:00",
      "dcterms:issued": "2026-02-03T14:57+09:00",
      "dcterms:modified": "2026-02-05T14:41+09:00",
      "description": "Mitsubishi small-capacity UPS shutdown software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation contains the following vulnerability.\u003cul\u003e\u003cli\u003eIncorrect default permissions (CWE-276) - CVE-2025-10314\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000017.html",
      "sec:cpe": {
        "#text": "cpe:/a:mitsubishielectric:freqship-mini",
        "@product": "FREQSHIP-mini",
        "@vendor": "Mitsubishi Electric",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000017",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN64883963/index.html",
          "@id": "JVN#64883963",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-10314",
          "@id": "CVE-2025-10314",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-01",
          "@id": "ICSA-26-034-01",
          "@source": "ICS-CERT ADVISORY"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows"
    }

    VAR-201902-0127

    Vulnerability from variot - Updated: 2025-06-27 23:05

    Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication. plural Mitsubishi Electric Q Series products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Misubishi Electric Q03UDVCPU, etc. are all PLC (programmable logic controller) products of Japan's Mitsubishi Electric (Misubishi Electric) company. Security flaws exist in several Misubishi products. A remote attacker could exploit this vulnerability by sending a specially crafted packet to cause Ethernet to stop communicating. The following products are affected: Misubishi Q03UDVCPU; Q04UDVCPU; Q06UDVCPU; Q13UDVCPU; Q26UDPVCPU; Q03UDECPU;

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0127",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "q06udpvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q100udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q26udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q13udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q04udpvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q26udpvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q04udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q20udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q10udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q06udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q06udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q26udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q13udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q04udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q03udecpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q50udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q03udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q13udpvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q03udecpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q03udvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q04udpvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q04udvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q06udpvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q06udvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q13udpvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q13udvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q26udpvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q26udvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric q04/06/13/26udpvcpu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20081"
          },
          {
            "model": "electric q04/06/10/13/20/26/50/100udehcpu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20101"
          },
          {
            "model": "electric q03udecpu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20101"
          },
          {
            "model": "electric q03/04/06/13/26udvcpu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20081"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106771"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q03udecpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q03udvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q04udpvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q04udvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q06udpvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q06udvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q13udpvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q13udvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q26udpvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q26udvcpu_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tri Quach of Amazon???s Customer Fulfillment Technology Security (CFTS),Tri Quach of Amazon???s Customer Fulfillment Technology Security (CFTS)",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-6535",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-6535",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-157970",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-6535",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-6535",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-6535",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2019-6535",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-6535",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-973",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-157970",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication. plural Mitsubishi Electric Q Series products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. Misubishi Electric Q03UDVCPU, etc. are all PLC (programmable logic controller) products of Japan\u0027s Mitsubishi Electric (Misubishi Electric) company. Security flaws exist in several Misubishi products. A remote attacker could exploit this vulnerability by sending a specially crafted packet to cause Ethernet to stop communicating. The following products are affected: Misubishi Q03UDVCPU; Q04UDVCPU; Q06UDVCPU; Q13UDVCPU; Q26UDPVCPU; Q03UDECPU;",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "BID",
            "id": "106771"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6535",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-029-02",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "106771",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973",
            "trust": 0.7
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-98808",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-157970",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "db": "BID",
            "id": "106771"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "id": "VAR-201902-0127",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          }
        ],
        "trust": 0.85
      },
      "last_update_date": "2025-06-27T23:05:24.314000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC-Q\u30b7\u30ea\u30fc\u30ba",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/fa/products/cnt/plcq/items/index.html"
          },
          {
            "title": "Multiple Misubishi Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89040"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-029-02"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/106771"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6535"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6535"
          },
          {
            "trust": 0.3,
            "url": "http://www.mitsubishi-automation.com/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "db": "BID",
            "id": "106771"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "db": "BID",
            "id": "106771"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "date": "2019-01-29T00:00:00",
            "db": "BID",
            "id": "106771"
          },
          {
            "date": "2019-03-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "date": "2019-01-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "date": "2019-02-05T19:29:00.243000",
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "date": "2019-01-29T00:00:00",
            "db": "BID",
            "id": "106771"
          },
          {
            "date": "2019-03-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "date": "2025-06-26T18:15:21.017000",
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Mitsubishi Electric Q Vulnerability related to resource depletion in series products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0077

    Vulnerability from variot - Updated: 2025-04-20 23:34

    An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploits a vulnerability to perform an unauthorized operation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0077",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "electric qj71e71-100",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "electric qj71e71-b2",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "electric qj71e71-b5",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 100",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 b5",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 b2",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b5_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vladimir Dashchenko of Critical Infrastructure Defense Team",
        "sources": [
          {
            "db": "BID",
            "id": "94632"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-8370",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8370",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 7.8,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-007661",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-11833",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e9b21e03-b557-44eb-b380-01d11c51c00c",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-97190",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8370",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 8.6,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-007661",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8370",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-007661",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-11833",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-463",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e9b21e03-b557-44eb-b380-01d11c51c00c",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97190",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploits a vulnerability to perform an unauthorized operation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8370",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-336-03",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "94632",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99901500",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E9B21E03-B557-44EB-B380-01D11C51C00C",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "id": "VAR-201702-0077",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          }
        ],
        "trust": 1.7055555333333334
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:34:29.489000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u4e09\u83f1\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
            "trust": 0.8,
            "url": "http://jvn.jp/vu/JVNVU99901500/479518/index.html"
          },
          {
            "title": "Multiple Mitsubishi Electric MELSEC-Q series products have patches for security bypass vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/84929"
          },
          {
            "title": "Multiple Mitsubishi Electric Automation MELSEC-Q Repair measures for series product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67753"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-327",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-412",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-03"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/94632"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8370"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8368"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99901500/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8370"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8368"
          },
          {
            "trust": 0.3,
            "url": "http://www.mrslim.com/home.asp"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-05T00:00:00",
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "date": "2016-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "date": "2016-12-01T00:00:00",
            "db": "BID",
            "id": "94632"
          },
          {
            "date": "2017-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "date": "2017-02-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "date": "2017-02-13T21:59:01.220000",
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "date": "2017-03-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "date": "2016-12-20T00:06:00",
            "db": "BID",
            "id": "94632"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "date": "2021-05-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric  MELSEC-Q Series  Ethernet Multiple vulnerabilities in interface module",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0075

    Vulnerability from variot - Updated: 2025-04-20 23:34

    An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploiting a vulnerability can result in a denial of service condition. Attackers can exploit these issues to perform unauthorized actions or cause denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0075",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "electric qj71e71-100",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "electric qj71e71-b2",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "electric qj71e71-b5",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 100",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 b5",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 b2",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b5_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vladimir Dashchenko of Critical Infrastructure Defense Team",
        "sources": [
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-8368",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8368",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 7.8,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-007661",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-11832",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-97188",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8368",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 8.6,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-007661",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8368",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-007661",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-11832",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201612-009",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97188",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploiting a vulnerability can result in a denial of service condition. \nAttackers can exploit these issues to perform unauthorized  actions or cause  denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8368",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-336-03",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "94632",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99901500",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "218C8DDF-AE70-4D34-AB2C-7271D1A5A80F",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "id": "VAR-201702-0075",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          }
        ],
        "trust": 1.7055555333333334
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:34:29.448000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u4e09\u83f1\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
            "trust": 0.8,
            "url": "http://jvn.jp/vu/JVNVU99901500/479518/index.html"
          },
          {
            "title": "Patches for multiple service violations in multiple Mitsubishi Electric MELSEC-Q series products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/84928"
          },
          {
            "title": "Mitsubishi Electric MELSEC-Q Series Product Security Bypass Vulnerabilities and Remediation Measures for Denial of Service Vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65991"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-662",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.9
          },
          {
            "problemtype": "CWE-412",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-327",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-03"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/94632"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8370"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8368"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99901500/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8370"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8368"
          },
          {
            "trust": 0.3,
            "url": "http://www.mrslim.com/home.asp"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-05T00:00:00",
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "date": "2016-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "date": "2016-12-01T00:00:00",
            "db": "BID",
            "id": "94632"
          },
          {
            "date": "2017-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "date": "2016-12-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "date": "2017-02-13T21:59:01.173000",
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-01-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "date": "2017-03-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "date": "2016-12-20T00:06:00",
            "db": "BID",
            "id": "94632"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "date": "2021-09-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric  MELSEC-Q Series  Ethernet Multiple vulnerabilities in interface module",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201510-0694

    Vulnerability from variot - Updated: 2025-04-12 23:27

    The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. Mitsubishi Electric MELSEC FX3G PLC is a programmable logic controller (PLC) product of the MELSEC FX series from Mitsubishi Electric Corporation of Japan. Mitsubishi Melsec FX3G-24M and FX3U-ENET-ADP are prone to multiple denial-of-service vulnerabilities

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0694",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "melsec fx3g",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "melsec fx3g series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "(2015 year  4 before the month )"
          },
          {
            "model": "electric europe b.v. melsec fx3g plc",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec fx3g-24m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "2.10"
          },
          {
            "model": "electric melsec fx3g series plc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "electric fx3u-enet-adp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "1.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "melsec fx3g",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7090b600-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          },
          {
            "db": "BID",
            "id": "76885"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-031"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3938"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:mitsubishielectric:melsec_fx3g",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005088"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ralf Spenneberg",
        "sources": [
          {
            "db": "BID",
            "id": "76885"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-3938",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-3938",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-06525",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "7090b600-2351-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-3938",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-3938",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-06525",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-031",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7090b600-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7090b600-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-031"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3938"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. Mitsubishi Electric MELSEC FX3G PLC is a programmable logic controller (PLC) product of the MELSEC FX series from Mitsubishi Electric Corporation of Japan. Mitsubishi Melsec FX3G-24M and FX3U-ENET-ADP are  prone to multiple denial-of-service vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005088"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          },
          {
            "db": "BID",
            "id": "76885"
          },
          {
            "db": "IVD",
            "id": "7090b600-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3938",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-146-01",
            "trust": 3.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06525",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-031",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005088",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "76885",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "7090B600-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7090b600-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          },
          {
            "db": "BID",
            "id": "76885"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-031"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3938"
          }
        ]
      },
      "id": "VAR-201510-0694",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7090b600-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          }
        ],
        "trust": 1.59166665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7090b600-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          }
        ]
      },
      "last_update_date": "2025-04-12T23:27:32.620000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.mitsubishielectric.co.jp/"
          },
          {
            "title": "\u30b7\u30fc\u30b1\u30f3\u30b5 MELSEC",
            "trust": 0.8,
            "url": "http://www.mitsubishielectric.co.jp/fa/products/cnt/plc/index.html"
          },
          {
            "title": "Mitsubishi Electric MELSEC FX3G PLC Device Resource Management Error Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/65065"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005088"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005088"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3938"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-146-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3938"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3938"
          },
          {
            "trust": 0.3,
            "url": "http://www.os-s.net/advisories/mitsubishi_fx3ge_parameter_error-engl.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.mitsubishi-automation.com/products/software_mx_components_content.htm"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          },
          {
            "db": "BID",
            "id": "76885"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-031"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3938"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7090b600-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          },
          {
            "db": "BID",
            "id": "76885"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-031"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3938"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-10-15T00:00:00",
            "db": "IVD",
            "id": "7090b600-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "BID",
            "id": "76885"
          },
          {
            "date": "2015-10-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005088"
          },
          {
            "date": "2015-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-031"
          },
          {
            "date": "2015-10-06T01:59:07.157000",
            "db": "NVD",
            "id": "CVE-2015-3938"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          },
          {
            "date": "2015-11-03T19:51:00",
            "db": "BID",
            "id": "76885"
          },
          {
            "date": "2015-10-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005088"
          },
          {
            "date": "2015-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-031"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-3938"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-031"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric MELSEC FX3G PLC Device Resource Management Error Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7090b600-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06525"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-031"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "7090b600-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-031"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201209-0581

    Vulnerability from variot - Updated: 2025-04-11 23:20

    Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. CitectSCADA is software for providing monitoring and control functions in the Data Acquisition and Monitoring System (SCADA). A buffer overflow vulnerability exists in CitectSCADA and Mitsubishi MX4 SCADA version 7.10. This vulnerability affects the Batch server module, which can be exploited by an attacker to run arbitrary code in the context of an application, and a failed attack attempt will result in a denial of service. CitectSCADA is an industrial control software used by Mitsubishi MX4 and Schneider Electric. Careful construction of string data can execute arbitrary code in the application context. CitectSCADA and Mitsubishi MX4 SCADA are prone to a buffer-overflow vulnerability that affects the Batch server module. Failed exploit attempts will result in a denial-of-service condition. The following versions are vulnerable: CitectSCADA 7.10 and prior Mitsubishi MX4 SCADA 7.10 and prior. Citectscada is prone to a local security vulnerability. ----------------------------------------------------------------------

    Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.

    Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/


    TITLE: Schneider Electric CitectSCADA Batch Server Login Buffer Overflow Vulnerability

    SECUNIA ADVISORY ID: SA46779

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46779/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46779

    RELEASE DATE: 2011-11-09

    DISCUSS ADVISORY: http://secunia.com/advisories/46779/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/46779/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=46779

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been reported in Schneider Electric CitectSCADA, which can be exploited by malicious people to compromise a vulnerable system.

    Successful exploitation may allow execution of arbitrary code.

    SOLUTION: Update to a fixed version. Please contact the vendor for details.

    PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Taiwan\x92s Information and Communication Security Technology Center (ICST).

    ORIGINAL ADVISORY: CitectSCADA: http://www.citect.com/citectscada-batch

    ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    .

    The application bundles a vulnerable version of CitectSCADA

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201209-0581",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mx4 scada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishi automation",
            "version": "7.10"
          },
          {
            "model": "citectscada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "schneider electric",
            "version": "7.10"
          },
          {
            "model": "mx4 scada",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi automation",
            "version": "7.10"
          },
          {
            "model": "electric citectscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider",
            "version": "7.1"
          },
          {
            "model": "citectscada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "7.20"
          },
          {
            "model": "mx4 scada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "7.20"
          },
          {
            "model": "citectscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "citect",
            "version": "7.x"
          },
          {
            "model": "electric citectscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider",
            "version": "7.10"
          },
          {
            "model": "electric mx4 scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "7.10"
          },
          {
            "model": "citectscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": "7.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "mx4 scada",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "citectscada",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "citect",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "citectscada",
            "version": "7.x"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5faca590-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4804"
          },
          {
            "db": "BID",
            "id": "50604"
          },
          {
            "db": "BID",
            "id": "77854"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005156"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201209-330"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5163"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:citectscada",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:mx4_scada",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005156"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kuang-Chun Hung",
        "sources": [
          {
            "db": "BID",
            "id": "50604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-254"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2011-5163",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2011-5163",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2011-5807",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "5faca590-2353-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "65ae310c-1f7f-11e6-abef-000c29c66e3d",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-53108",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-5163",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-5163",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2011-5807",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201209-330",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "5faca590-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "65ae310c-1f7f-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-53108",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5faca590-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "db": "VULHUB",
            "id": "VHN-53108"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005156"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201209-330"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5163"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. CitectSCADA is software for providing monitoring and control functions in the Data Acquisition and Monitoring System (SCADA). A buffer overflow vulnerability exists in CitectSCADA and Mitsubishi MX4 SCADA version 7.10. This vulnerability affects the Batch server module, which can be exploited by an attacker to run arbitrary code in the context of an application, and a failed attack attempt will result in a denial of service. CitectSCADA is an industrial control software used by Mitsubishi MX4 and Schneider Electric. Careful construction of string data can execute arbitrary code in the application context. CitectSCADA and Mitsubishi MX4 SCADA are prone to a buffer-overflow vulnerability that affects the Batch server module. Failed exploit attempts will result in a denial-of-service  condition. \nThe following versions are vulnerable:\nCitectSCADA 7.10 and prior\nMitsubishi MX4 SCADA 7.10 and prior. Citectscada is prone to a local security vulnerability. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nSchneider Electric CitectSCADA Batch Server Login Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46779\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46779/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46779\n\nRELEASE DATE:\n2011-11-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46779/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46779/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46779\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Schneider Electric CitectSCADA,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nSOLUTION:\nUpdate to a fixed version. Please contact the vendor for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Taiwan\\x92s Information and\nCommunication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nCitectSCADA:\nhttp://www.citect.com/citectscada-batch\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe application bundles a vulnerable version of CitectSCADA",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-5163"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005156"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4804"
          },
          {
            "db": "BID",
            "id": "50604"
          },
          {
            "db": "BID",
            "id": "77854"
          },
          {
            "db": "IVD",
            "id": "5faca590-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-53108"
          },
          {
            "db": "PACKETSTORM",
            "id": "106802"
          },
          {
            "db": "PACKETSTORM",
            "id": "106806"
          }
        ],
        "trust": 4.05
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-11-279-02",
            "trust": 3.9
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5163",
            "trust": 3.0
          },
          {
            "db": "SECUNIA",
            "id": "46779",
            "trust": 2.5
          },
          {
            "db": "SECTRACK",
            "id": "1026306",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "46786",
            "trust": 1.9
          },
          {
            "db": "OSVDB",
            "id": "76937",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "50604",
            "trust": 1.5
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201209-330",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4804",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5807",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005156",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-254",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "77854",
            "trust": 0.4
          },
          {
            "db": "IVD",
            "id": "5FACA590-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "B0D03A04-1F7F-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "65AE310C-1F7F-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-53108",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106802",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106806",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5faca590-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4804"
          },
          {
            "db": "VULHUB",
            "id": "VHN-53108"
          },
          {
            "db": "BID",
            "id": "50604"
          },
          {
            "db": "BID",
            "id": "77854"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005156"
          },
          {
            "db": "PACKETSTORM",
            "id": "106802"
          },
          {
            "db": "PACKETSTORM",
            "id": "106806"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201209-330"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5163"
          }
        ]
      },
      "id": "VAR-201209-0581",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "5faca590-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4804"
          },
          {
            "db": "VULHUB",
            "id": "VHN-53108"
          }
        ],
        "trust": 2.638095215
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5faca590-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4804"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:20:36.883000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CitectScada V7.20 Service Pack 3",
            "trust": 0.8,
            "url": "http://www.downloads.schneider-electric.com/sites/oreo/ww/document-detail.page?p_docId=4660520\u0026p_Conf=i#http://www.downloads.schneider-electric.com"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/"
          },
          {
            "title": "\u30b5\u30dd\u30fc\u30c8",
            "trust": 0.8,
            "url": "http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page"
          },
          {
            "title": "Mitsubishi MX4 SCADA",
            "trust": 0.8,
            "url": "http://www.mitsubishi-automation.com/products/software_MX4_content.htm"
          },
          {
            "title": "Product Safety Notice",
            "trust": 0.8,
            "url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026doc_type=safety\u0026scat=2\u0026sstr=MX4,SCADA"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/jp/"
          },
          {
            "title": "Patch for CitectSCADA and Mitsubishi MX4 SCADA Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/36929"
          },
          {
            "title": "Patch for Schneider Electric/Mitsubishi MX4 CitectSCADA Batch Server Login Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/5857"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4804"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005156"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-53108"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005156"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5163"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-02.pdf"
          },
          {
            "trust": 2.1,
            "url": "http://www.citect.com/citectscada-batch"
          },
          {
            "trust": 2.0,
            "url": "http://www.securitytracker.com/id?1026306"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/76937"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/46779"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/46786"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/50604"
          },
          {
            "trust": 1.0,
            "url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026doc_type=safety\u0026scat=2\u0026sstr=mx4%2cscada"
          },
          {
            "trust": 0.9,
            "url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026doc_type=safety\u0026scat=2\u0026sstr=mx4,scada"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5163"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5163"
          },
          {
            "trust": 0.6,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-02.pdfhttp"
          },
          {
            "trust": 0.3,
            "url": "http://www.citect.com/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
          },
          {
            "trust": 0.1,
            "url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026amp;doc_type=safety\u0026amp;scat=2\u0026amp;sstr=mx4,scada"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46779/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46779/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46779"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46786"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46786/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://my.mitsubishi-automation.com/downloads/view/doc_loc/8879/91516012-eb50-11e0-98c9-0022195266d5_psn2011-0001a.pdf"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46786/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4804"
          },
          {
            "db": "VULHUB",
            "id": "VHN-53108"
          },
          {
            "db": "BID",
            "id": "50604"
          },
          {
            "db": "BID",
            "id": "77854"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005156"
          },
          {
            "db": "PACKETSTORM",
            "id": "106802"
          },
          {
            "db": "PACKETSTORM",
            "id": "106806"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201209-330"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5163"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "5faca590-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4804"
          },
          {
            "db": "VULHUB",
            "id": "VHN-53108"
          },
          {
            "db": "BID",
            "id": "50604"
          },
          {
            "db": "BID",
            "id": "77854"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005156"
          },
          {
            "db": "PACKETSTORM",
            "id": "106802"
          },
          {
            "db": "PACKETSTORM",
            "id": "106806"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201209-330"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5163"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-09-19T00:00:00",
            "db": "IVD",
            "id": "5faca590-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-11-11T00:00:00",
            "db": "IVD",
            "id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-11-15T00:00:00",
            "db": "IVD",
            "id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-11-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "date": "2011-11-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4804"
          },
          {
            "date": "2012-09-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-53108"
          },
          {
            "date": "2011-11-08T00:00:00",
            "db": "BID",
            "id": "50604"
          },
          {
            "date": "2012-09-15T00:00:00",
            "db": "BID",
            "id": "77854"
          },
          {
            "date": "2012-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005156"
          },
          {
            "date": "2011-11-09T03:05:37",
            "db": "PACKETSTORM",
            "id": "106802"
          },
          {
            "date": "2011-11-09T06:29:18",
            "db": "PACKETSTORM",
            "id": "106806"
          },
          {
            "date": "1900-01-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201111-254"
          },
          {
            "date": "2012-09-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201209-330"
          },
          {
            "date": "2012-09-15T17:55:04.287000",
            "db": "NVD",
            "id": "CVE-2011-5163"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-11-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "date": "2011-11-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4804"
          },
          {
            "date": "2012-12-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-53108"
          },
          {
            "date": "2015-03-19T09:43:00",
            "db": "BID",
            "id": "50604"
          },
          {
            "date": "2012-09-15T00:00:00",
            "db": "BID",
            "id": "77854"
          },
          {
            "date": "2012-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005156"
          },
          {
            "date": "2011-11-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201111-254"
          },
          {
            "date": "2012-09-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201209-330"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-5163"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "77854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201209-330"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CitectSCADA and Mitsubishi MX4 SCADA Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-5807"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-254"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "5faca590-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201209-330"
          }
        ],
        "trust": 1.8
      }
    }

    VAR-201304-0435

    Vulnerability from variot - Updated: 2025-04-11 23:16

    Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control. Mitsubishi MX Component ActiveX dynamic link library for PC software and Mitsubishi FX/A/Q series links. Mitsubishi MX is prone to remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. CitectFacilities is an open and comprehensive facilities management solution designed specifically for managing large built environments. CitectSCADA is software used to provide monitoring and control functions in a supervisory control and data acquisition system (SCADA). There are multiple buffer overflow vulnerabilities in the ActUWzd.dll file version 1.0.0.1 in this component

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201304-0435",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "citectfacilities",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "schneider electric",
            "version": "7.10"
          },
          {
            "model": "citectscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "schneider electric",
            "version": "7.10"
          },
          {
            "model": "mx component",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi automation",
            "version": "3"
          },
          {
            "model": "citectscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "schneider electric",
            "version": "7.10r1"
          },
          {
            "model": "mx component",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "3 of  actuwzd.dll 1.0.0.1"
          },
          {
            "model": "electric mitsubishi mx activex component",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "schneider",
            "version": "3"
          },
          {
            "model": "citectscada 7.10r1",
            "scope": null,
            "trust": 0.3,
            "vendor": "schneider electric",
            "version": null
          },
          {
            "model": "electric mx component version",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "30"
          },
          {
            "model": "electric mx component",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "4.03"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "mitsubishi mx component",
            "version": "3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "citectfacilities",
            "version": "7.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "citectscada",
            "version": "7.10"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-02230"
          },
          {
            "db": "BID",
            "id": "58692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002424"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201304-439"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3075"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:citectfacilities",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:schneider_electric:citectscada",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:mitsubishi_mx_component",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002424"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr_IDE",
        "sources": [
          {
            "db": "BID",
            "id": "58692"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-494"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-3075",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-3075",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2013-02230",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "fab9ddba-2352-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-63077",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-3075",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-3075",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-02230",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201304-439",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "fab9ddba-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-63077",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-02230"
          },
          {
            "db": "VULHUB",
            "id": "VHN-63077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002424"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201304-439"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3075"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control. Mitsubishi MX Component ActiveX dynamic link library for PC software and Mitsubishi FX/A/Q series links. Mitsubishi MX is prone to remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. CitectFacilities is an open and comprehensive facilities management solution designed specifically for managing large built environments. CitectSCADA is software used to provide monitoring and control functions in a supervisory control and data acquisition system (SCADA). There are multiple buffer overflow vulnerabilities in the ActUWzd.dll file version 1.0.0.1 in this component",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-3075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002424"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-02230"
          },
          {
            "db": "BID",
            "id": "58692"
          },
          {
            "db": "IVD",
            "id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-63077"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-63077",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-63077"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-3075",
            "trust": 3.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "24886",
            "trust": 2.3
          },
          {
            "db": "BID",
            "id": "58692",
            "trust": 1.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-13-140-01",
            "trust": 1.1
          },
          {
            "db": "ICS CERT ALERT",
            "id": "ICS-ALERT-13-091-01",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201304-439",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-02230",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002424",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-494",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "FAB9DDBA-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-78572",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-63077",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-02230"
          },
          {
            "db": "VULHUB",
            "id": "VHN-63077"
          },
          {
            "db": "BID",
            "id": "58692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002424"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201304-439"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-494"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3075"
          }
        ]
      },
      "id": "VAR-201304-0435",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-02230"
          },
          {
            "db": "VULHUB",
            "id": "VHN-63077"
          }
        ],
        "trust": 1.9
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-02230"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:16:38.083000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.schneider-electric.com/"
          },
          {
            "title": "\u30b5\u30dd\u30fc\u30c8",
            "trust": 0.8,
            "url": "http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page"
          },
          {
            "title": "MX Component",
            "trust": 0.8,
            "url": "http://www.mitsubishielectric.co.jp/fa/products/cnt/plceng/lineup/mx_component/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.schneider-electric.com/site/home/index.cfm/jp/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002424"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-63077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002424"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3075"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.exploit-db.com/exploits/24886/"
          },
          {
            "trust": 1.1,
            "url": "http://ics-cert.us-cert.gov/pdf/ics-alert-13-091-01.pdf"
          },
          {
            "trust": 1.1,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-140-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3075"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3075"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/58692"
          },
          {
            "trust": 0.3,
            "url": "http://www.intelliscada.com/services_facilities.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.citect.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.mitsubishi-automation.com/products/software_mx_components_content.htm"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-02230"
          },
          {
            "db": "VULHUB",
            "id": "VHN-63077"
          },
          {
            "db": "BID",
            "id": "58692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002424"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201304-439"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-494"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3075"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-02230"
          },
          {
            "db": "VULHUB",
            "id": "VHN-63077"
          },
          {
            "db": "BID",
            "id": "58692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002424"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201304-439"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-494"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3075"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-03-27T00:00:00",
            "db": "IVD",
            "id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-03-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-02230"
          },
          {
            "date": "2013-04-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-63077"
          },
          {
            "date": "2013-03-25T00:00:00",
            "db": "BID",
            "id": "58692"
          },
          {
            "date": "2013-04-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-002424"
          },
          {
            "date": "2013-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201304-439"
          },
          {
            "date": "2013-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201303-494"
          },
          {
            "date": "2013-04-19T11:44:29.280000",
            "db": "NVD",
            "id": "CVE-2013-3075"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-03-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-02230"
          },
          {
            "date": "2013-05-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-63077"
          },
          {
            "date": "2015-03-19T08:08:00",
            "db": "BID",
            "id": "58692"
          },
          {
            "date": "2013-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-002424"
          },
          {
            "date": "2013-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201304-439"
          },
          {
            "date": "2013-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201303-494"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-3075"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201304-439"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-494"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi MX Component ActiveX Control \u0027ActUWzd.dll\u0027 Remote Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-02230"
          },
          {
            "db": "BID",
            "id": "58692"
          }
        ],
        "trust": 1.1
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201304-439"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-494"
          }
        ],
        "trust": 1.4
      }
    }

    VAR-201402-0087

    Vulnerability from variot - Updated: 2025-04-11 23:14

    An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. Mitsubishi MC-WorkX is a factory automation application tool. Mitsubishi MC-WorX is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. Mitsubishi MC-WorX 8.02 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201402-0087",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mc-worx suite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "8.02"
          },
          {
            "model": "mc worx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "8.02"
          },
          {
            "model": "electric europe b.v. mc-worx",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "8.x"
          },
          {
            "model": "mc-worx suite",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": "8.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "mc worx suite",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:mc-worx_suite",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Blake",
        "sources": [
          {
            "db": "BID",
            "id": "62414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-2817",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2013-2817",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2013-13110",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "33985888-2352-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-2817",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-2817",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-13110",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201309-279",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "33985888-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. Mitsubishi MC-WorkX is a factory automation application tool. Mitsubishi MC-WorX is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. \nMitsubishi MC-WorX 8.02 is vulnerable;  other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "BID",
            "id": "62414"
          },
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-2817",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-051-02",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "62414",
            "trust": 1.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "54852",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "28284",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "33985888-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "BID",
            "id": "62414"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "id": "VAR-201402-0087",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:14:40.460000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MC Works",
            "trust": 0.8,
            "url": "http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works"
          },
          {
            "title": "IcoLaunchPatch_PlaceInBinFolder",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48278"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-051-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.meau.com/eprise/main/sites/public/products/software/-mc_works"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2817"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2817"
          },
          {
            "trust": 0.6,
            "url": "http://www.exploit-db.com/exploits/28284/"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/54852"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/62414"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "BID",
            "id": "62414"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-18T00:00:00",
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "date": "2013-09-15T00:00:00",
            "db": "BID",
            "id": "62414"
          },
          {
            "date": "2014-02-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "date": "2013-09-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "date": "2014-02-24T04:48:09.757000",
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "date": "2014-02-25T07:51:00",
            "db": "BID",
            "id": "62414"
          },
          {
            "date": "2014-02-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "date": "2014-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi MC-WorX \u0027IcoLaunch.dll\u0027\u0027 ActiveX Control Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "BID",
            "id": "62414"
          }
        ],
        "trust": 1.1
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code injection",
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-200803-0395

    Vulnerability from variot - Updated: 2025-04-10 23:01

    servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. The Mitsubishi Electric GB-50A is prone to multiple authentication-bypass vulnerabilities. Successful exploits will allow unauthorized attackers to gain access to administrative functionality and completely compromise vulnerable devices; other attacks are also possible

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200803-0395",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "gb",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "mitsubishi electric",
            "version": "50"
          },
          {
            "model": "gb",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "mitsubishi electric",
            "version": "50a"
          },
          {
            "model": "gb",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "(gb-50)"
          },
          {
            "model": "gb",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "(gb-50a)"
          },
          {
            "model": "electric gb-50a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "gb",
            "version": "50"
          },
          {
            "model": "50a",
            "scope": null,
            "trust": 0.2,
            "vendor": "gb",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "077962fc-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "28406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004278"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1546"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:mitsubishielectric:gb",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004278"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Chris Withers\u203b chris@simplistix.co.uk",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-471"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2008-1546",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2008-1546",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "077962fc-23ce-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2008-1546",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2008-1546",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200803-471",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "077962fc-23ce-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "077962fc-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004278"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1546"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. The Mitsubishi Electric GB-50A is prone to multiple authentication-bypass vulnerabilities. \nSuccessful exploits will allow unauthorized attackers to gain access to administrative functionality and completely compromise vulnerable devices; other attacks are also possible",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-1546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004278"
          },
          {
            "db": "BID",
            "id": "28406"
          },
          {
            "db": "IVD",
            "id": "077962fc-23ce-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2008-1546",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "28406",
            "trust": 1.9
          },
          {
            "db": "SREASON",
            "id": "3794",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-471",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004278",
            "trust": 0.8
          },
          {
            "db": "BUGTRAQ",
            "id": "20080322 HACKING THE MITSUBISHI GB-50A",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20071117 SECURITY CONTACT FOR MITSUBISHI ELECTRIC?",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "41503",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "50",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "077962FC-23CE-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "077962fc-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "28406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004278"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1546"
          }
        ]
      },
      "id": "VAR-200803-0395",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "077962fc-23ce-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 0.02
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "077962fc-23ce-11e6-abef-000c29c66e3d"
          }
        ]
      },
      "last_update_date": "2025-04-10T23:01:11.005000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u7a7a\u8abf\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.mitsubishielectric.co.jp/hvac_r/conditioning/products/control/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004278"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-DesignError",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004278"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1546"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/28406"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/archive/1/483862/2008-03-21/threaded"
          },
          {
            "trust": 1.6,
            "url": "http://securityreason.com/securityalert/3794"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41503"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489970/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1546"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1546"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/41503"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/489970/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.mrslim.com/home.asp"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/489970"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "28406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004278"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1546"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "077962fc-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "BID",
            "id": "28406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-004278"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-1546"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-03-28T00:00:00",
            "db": "IVD",
            "id": "077962fc-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2008-03-22T00:00:00",
            "db": "BID",
            "id": "28406"
          },
          {
            "date": "2012-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-004278"
          },
          {
            "date": "2008-03-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200803-471"
          },
          {
            "date": "2008-03-28T23:44:00",
            "db": "NVD",
            "id": "CVE-2008-1546"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-05-07T17:32:00",
            "db": "BID",
            "id": "28406"
          },
          {
            "date": "2012-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-004278"
          },
          {
            "date": "2009-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200803-471"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2008-1546"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-471"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric GB-50A Java applet Remote bypass authentication vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "077962fc-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-471"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design error",
        "sources": [
          {
            "db": "IVD",
            "id": "077962fc-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200803-471"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202502-3855

    Vulnerability from variot - Updated: 2025-03-21 23:33

    M70 BND-1000W022-K1 is a digital controller.

    Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has an industrial control device vulnerability, which can be exploited by attackers to cause denial of service.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202502-3855",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m70 bnd-1000w022-k1",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-04771"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2025-04771",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2025-04771",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-04771"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "M70 BND-1000W022-K1 is a digital controller.\n\nMitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has an industrial control device vulnerability, which can be exploited by attackers to cause denial of service.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-04771"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-04771",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-04771"
          }
        ]
      },
      "id": "VAR-202502-3855",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-04771"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-04771"
          }
        ]
      },
      "last_update_date": "2025-03-21T23:33:33.647000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-04771"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-02-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-04771"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-03-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-04771"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has industrial control equipment vulnerabilities",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-04771"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-1188

    Vulnerability from variot - Updated: 2024-11-23 23:04

    In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. Provided by Mitsubishi Electric Corporation MELSEC-Q series CPU Unit and MELSEC-L series CPU Unit FTP The server function has a resource exhaustion vulnerability (CWE-400) Exists. Of the product FTP Server function interferes with service operation (DoS) It may be in a state. This vulnerability information is used by developers for the purpose of disseminating to product users. JPCERT/CC To report to JPCERT/CC Coordinated with the developer.Of the product FTP Server function interferes with service operation (DoS) By becoming a state, FTP The client FTP You will not be able to connect to the server. According to the developer, the vulnerability affects FTP It is only a server function. The Mitsubishi Electric MELSEC-Q Series is a MELSEC-Q series programmable logic controller from Mitsubishi Electric Corporation of Japan. The Mitsubishi MELSEC-L Series is a MELSEC-L series programmable logic controller from Mitsubishi Corporation of Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1188",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "l26cpu-bt-cm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "l02\\/06\\/26cpu-cm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "l02\\/06\\/26cpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "l26cpu-bt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "l02\\/06\\/26cpu-p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "q03udecpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21081"
          },
          {
            "model": "l26cpu-pbt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "q03\\/04\\/06\\/13\\/26udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21081"
          },
          {
            "model": "q04\\/06\\/13\\/26udpvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21081"
          },
          {
            "model": "q04\\/06\\/10\\/13\\/20\\/26\\/50\\/100udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21081"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l02/06/26cpu"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l26cpu-bt ( top serial number 5 digits  21101  )"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l02/06/26cpu-cm"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l26cpu-bt-cm ( top serial number 5 digits  21101  )"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l02/06/26cpu-p"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l26cpu-pbt ( top serial number 5 digits  21101  )"
          },
          {
            "model": "melsec-q series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "q03/04/06/13/26udvcpu ( top serial number 5 digits  21081  )"
          },
          {
            "model": "melsec-q series cpu unit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "q03udecpu"
          },
          {
            "model": "melsec-q series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "q04/06/10/13/20/26/50/100udehcpu ( top serial number 5 digits  21081  )"
          },
          {
            "model": "melsec-q series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "q04/06/13/26udpvcpu ( top serial number 5 digits  21081  )"
          },
          {
            "model": "electric mitsubishi electric melsec-q series \u003c=q03/04/06/13/26udvcpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21081"
          },
          {
            "model": "electric mitsubishi electric melsec-q series \u003c=q04/06/13/26udpvcpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21081"
          },
          {
            "model": "electric mitsubishi electric melsec-q series \u003c=q03udecpu q04/06/10/13/20/26/50/100udehcpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21081"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l26cpu-bt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu-p",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l26cpu-pbt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu-cm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l26cpu-bt-cm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "l26cpu-bt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "l26cpu-bt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-pbt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "q03udecpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q03udecpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": "21081"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "q03 04 06 13 26udvcpu",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l26cpu bt cm",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "q04 06 13 26udpvcpu",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "q03udecpu",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "q04 06 10 13 20 26 50 100udehcpu",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l02 06 26cpu",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l26cpu bt",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l02 06 26cpu p",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l26cpu pbt",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l02 06 26cpu cm",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec-l_series_cpu_unit",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec-q_series_cpu_unit",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          }
        ]
      },
      "cve": "CVE-2019-13555",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-13555",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-011686",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-41428",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "id": "CVE-2019-13555",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "JPCERT/CC",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-011686",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-13555",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2019-011686",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-41428",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-424",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-13555",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. Provided by Mitsubishi Electric Corporation MELSEC-Q series CPU Unit and MELSEC-L series CPU Unit FTP The server function has a resource exhaustion vulnerability (CWE-400) Exists. Of the product FTP Server function interferes with service operation (DoS) It may be in a state. This vulnerability information is used by developers for the purpose of disseminating to product users. JPCERT/CC To report to JPCERT/CC Coordinated with the developer.Of the product FTP Server function interferes with service operation (DoS) By becoming a state, FTP The client FTP You will not be able to connect to the server. According to the developer, the vulnerability affects FTP It is only a server function. The Mitsubishi Electric MELSEC-Q Series is a MELSEC-Q series programmable logic controller from Mitsubishi Electric Corporation of Japan. The Mitsubishi MELSEC-L Series is a MELSEC-L series programmable logic controller from Mitsubishi Corporation of Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-13555",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-311-01",
            "trust": 3.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97094124",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4209",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "00D06E5F-E8D7-433D-9E94-3FF51C3E39B6",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "id": "VAR-201911-1188",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          }
        ],
        "trust": 1.7375
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:04:35.531000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC-Q\u30b7\u30ea\u30fc\u30baCPU\u3001\u304a\u3088\u3073MELSEC-L\u30b7\u30ea\u30fc\u30baCPU\u306b\u304a\u3051\u308bFTP\u30b5\u30fc\u30d0\u6a5f\u80fd\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-002.pdf"
          },
          {
            "title": "Patch for Mitsubishi Electric MELSEC-Q Series and Mitsubishi MELSEC-L Series Resource Management Error Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/191107"
          },
          {
            "title": "Mitsubishi Electric MELSEC-Q Series  and MELSEC-L Series Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103038"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13555"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13555"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu97094124"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4209/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/400.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-20T00:00:00",
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "date": "2019-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "date": "2019-11-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "date": "2019-11-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "date": "2019-11-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "date": "2019-11-13T23:15:11.327000",
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "date": "2019-11-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "date": "2019-12-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "date": "2019-11-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "date": "2024-11-21T04:25:08.387000",
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  MELSEC-Q series  CPU Unit and  MELSEC-L series  CPU Unit  FTP Server function resource exhaustion vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202006-1511

    Vulnerability from variot - Updated: 2024-11-23 22:33

    Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan's Mitsubishi Electric (Mitsubishi Electric) company.

    There are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1511",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "melsec-q",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec-l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-f",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec-fx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec fx series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec iq-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec iq-r series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec l series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec q series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "electric melsec fx",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec iq-r",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec iq-f",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec q",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec l",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_fx_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shunkai Zhu , Rongkuan Ma , Peng Cheng from NESC Lab of Zhejiang University",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-5594",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5594",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46802",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5594",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 10,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005854",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5594",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-005854",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46802",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1590",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-5594",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric) company. \n\r\n\r\nThere are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5594",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91424496",
            "trust": 2.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-175-01",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2176",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "id": "VAR-202006-1511",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          }
        ],
        "trust": 1.3499999919999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:33:25.234000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC iQ-R\u3001iQ-F\u3001Q\u3001L\u3001FX\u30b7\u30ea\u30fc\u30ba   \u306eCPU\u30e6\u30cb\u30c3\u30c8\u3068GX Works3\u304a\u3088\u3073GX Works2\u9593\u306e\u901a\u4fe1\u306b\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u60c5\u5831\u6539\u3056\u3093\u3001\u4e0d\u6b63\u64cd\u4f5c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu91424496/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5594"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu91424496"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5594"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-005854.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2176/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "date": "2020-06-23T08:15:10.487000",
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "date": "2020-07-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "date": "2024-11-21T05:34:19.893000",
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  MELSEC iQ-R , iQ-F , Q , L , FX Of the series  CPU With the unit  GX Works3 and  GX Works2 Vulnerability in plaintext communication between",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201905-1060

    Vulnerability from variot - Updated: 2024-11-23 22:21

    In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan's Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The following MELSEC-Q series PLCs are affected: QJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1060",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "qj71e71-100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20121"
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "( above the serial number  5 digits  20121 previous version )"
          },
          {
            "model": "electric melsec-q series plcs j71e71-100 serial number",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "\u003c=20121"
          },
          {
            "model": "electric qj71e71-100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20121"
          },
          {
            "model": "electric qj71e71-100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "18072"
          },
          {
            "model": "electric qj71e71-100",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20122"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "BID",
            "id": "108419"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Younes Dragoni and Alessandro Di Pinto of Nozomi Networks,Younes Dragoni and Alessandro Di Pinto of Nozomi Networks reported this vulnerability to Mitsubishi and NCCIC.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-10977",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-10977",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-003963",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-16527",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-142577",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-10977",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-003963",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-10977",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2019-003963",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-16527",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201905-839",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-142577",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan\u0027s Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThe following MELSEC-Q series PLCs are affected:\nQJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "BID",
            "id": "108419"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10977",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-141-02",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "108419",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93268101",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1867",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "db": "BID",
            "id": "108419"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "id": "VAR-201905-1060",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          }
        ],
        "trust": 1.575
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:21:37.107000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u304a\u554f\u3044\u5408\u308f\u305b | \u4e09\u83f1\u96fb\u6a5f FA",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/fa/support/purchase/index.html"
          },
          {
            "title": "Patch for MitsubishiElectricMELSEC-QSeriesPLCs Remote Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/163035"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-755",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "http://www.securityfocus.com/bid/108419"
          },
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-141-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10977"
          },
          {
            "trust": 0.9,
            "url": "http://www.mitsubishi-automation.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10977"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93268101/"
          },
          {
            "trust": 0.6,
            "url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-10977"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.1867/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "db": "BID",
            "id": "108419"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "db": "BID",
            "id": "108419"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "date": "2019-05-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "date": "2019-05-21T00:00:00",
            "db": "BID",
            "id": "108419"
          },
          {
            "date": "2019-05-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "date": "2019-05-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "date": "2019-05-23T14:29:07.610000",
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "date": "2020-10-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "date": "2019-05-21T00:00:00",
            "db": "BID",
            "id": "108419"
          },
          {
            "date": "2019-05-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "date": "2024-11-21T04:20:16.957000",
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  MELSEC-Q series  Ethernet Service operation interruption in the interface unit (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-1417

    Vulnerability from variot - Updated: 2024-11-23 22:16

    Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. (DoS) It may be put into a state. Mitsubishi Electric MELQIC IU1 is a IU1 series data collection analyzer of Mitsubishi Electric Corporation of Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1417",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "iu1-1m20-d",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.0.7"
          },
          {
            "model": "iu1-1m20-d",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "1.0.7"
          },
          {
            "model": "electric melqic iu1",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "\u003c=1.0.7"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:iu1-1m20-d_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          }
        ]
      },
      "cve": "CVE-2020-5544",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5544",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003078",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-19568",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5544",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003078",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5544",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-003078",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19568",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-1005",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. (DoS) It may be put into a state. Mitsubishi Electric MELQIC IU1 is a IU1 series data collection analyzer of Mitsubishi Electric Corporation of Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5544",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU92370624",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "id": "VAR-202003-1417",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:16:36.325000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELQIC IU1 \u30b7\u30ea\u30fc\u30ba\u306eTCP/IP \u30b9\u30bf\u30c3\u30af\u306b\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf"
          },
          {
            "title": "Patch for Mitsubishi Electric MELQIC IU1 TCP function code issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/210995"
          },
          {
            "title": "Mitsubishi Electric MELQIC IU1 TCP Measures to fix bugs in function code problems",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112427"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://jvn.jp/en/vu/jvnvu92370624/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5544"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92370624/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5544"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "date": "2020-03-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "date": "2020-03-16T02:15:10.997000",
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "date": "2020-03-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "date": "2024-11-21T05:34:14.890000",
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric MELQIC IU1 TCP function code issue vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-0208

    Vulnerability from variot - Updated: 2024-11-23 22:11

    A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "electric mc works64 \u003c=4.02c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi",
            "version": "(10.95.208.31)"
          },
          {
            "_id": null,
            "model": "energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mc works",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.208.31"
          },
          {
            "_id": null,
            "model": "mobilehmi",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "facility analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mc works32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "9.50.255.02"
          },
          {
            "_id": null,
            "model": "genesis64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "quality analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "hyper historian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "smart energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "bizviz",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "energy analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "facility analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis 64",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis32",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "hyper historian",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mobilehmi",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "quality analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "smart energy analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mc works",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "64"
          },
          {
            "_id": null,
            "model": "mc works 32",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis64",
            "scope": null,
            "trust": 0.7,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)"
          },
          {
            "_id": null,
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:iconics:bizviz",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:energy_analytix",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:facility_analytix",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:genesis64",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:genesis32",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:hyper_historian",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:mobilehmi",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:quality_analytix",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:smart_energy_analytix",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:mc_works",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:mc_works32",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12015",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12015",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008308",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-34372",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "31ad87c7-757e-410a-89c6-906cc763b446",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12015",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008308",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12015",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12015",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-008308",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-12015",
                "trust": 0.7,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-34372",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1209",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "31ad87c7-757e-410a-89c6-906cc763b446",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64.  Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12015",
            "trust": 4.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-02",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-03",
            "trust": 2.4
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209",
            "trust": 1.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95379131",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10297",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2147",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "4BDA61CA-BD50-4B09-A018-05EA35FF2332",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "31AD87C7-757E-410A-89C6-906CC763B446",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "id": "VAR-202007-0208",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          }
        ],
        "trust": 1.78927874
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:11:26.711000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://iconics.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/"
          },
          {
            "title": "ICONICS has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/222933"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-502",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 2.3,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12015"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12015"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95379131/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-780/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
            "ident": null
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446",
            "ident": null
          },
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-780",
            "ident": null
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34372",
            "ident": null
          },
          {
            "date": "2020-09-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008308",
            "ident": null
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1209",
            "ident": null
          },
          {
            "date": "2020-07-16T22:15:11.493000",
            "db": "NVD",
            "id": "CVE-2020-12015",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-780",
            "ident": null
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34372",
            "ident": null
          },
          {
            "date": "2020-09-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008308",
            "ident": null
          },
          {
            "date": "2020-07-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1209",
            "ident": null
          },
          {
            "date": "2024-11-21T04:59:07.153000",
            "db": "NVD",
            "id": "CVE-2020-12015",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Unreliable data deserialization vulnerabilities in multiple MC products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202007-1224

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan.

    CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have authorization issue vulnerabilities. Attackers can use this vulnerability to cause TCP connection failure

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1224",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5596",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5596",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-38410",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5596",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5596",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-38410",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-305",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. \n\r\n\r\nCoreOS Y and previous versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have authorization issue vulnerabilities. Attackers can use this vulnerability to cause TCP connection failure",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5596",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "id": "VAR-202007-1224",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.706000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Multiple Mitsubishi Electric product authorization issues and vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/248851"
          },
          {
            "title": "Multiple Mitsubishi Electric Product Authorization Issue Vulnerability Fixing Measures",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123230"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-384",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-476",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-88",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5596"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "date": "2020-07-07T09:15:10.153000",
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-02-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "date": "2024-11-21T05:34:20.100000",
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1223

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan.

    CoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1223",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5595",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5595",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-38411",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5595",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5595",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-38411",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-304",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. \n\r\n\r\nCoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5595",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "id": "VAR-202007-1223",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.679000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Buffer overflow vulnerabilities in multiple Mitsubishi Electric products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/248901"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-476",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-384",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-88",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5595"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "date": "2020-07-07T09:15:10.057000",
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-02-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "date": "2024-11-21T05:34:20",
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1225

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.

    CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a null pointer reference vulnerability. Attackers can use this vulnerability to cause denial of service and device crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1225",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5597",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5597",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46801",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5597",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5597",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46801",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-306",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a null pointer reference vulnerability. Attackers can use this vulnerability to cause denial of service and device crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5597",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "id": "VAR-202007-1225",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.653000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Null pointer reference vulnerabilities in multiple Mitsubishi Electric products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/231106"
          },
          {
            "title": "Multiple Mitsubishi Electric Product code issue vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123231"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-384",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-88",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5597"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "date": "2020-07-07T09:15:10.230000",
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "date": "2024-11-21T05:34:20.197000",
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1228

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.

    CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1228",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5600",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5600",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46798",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5600",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5600",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46798",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-308",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5600",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "id": "VAR-202007-1228",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.626000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Resource management errors and vulnerabilities in multiple Mitsubishi Electric products (CNVD-2020-46798)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/231124"
          },
          {
            "title": "Multiple Mitsubishi Electric Product resource management error vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124077"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-476",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-384",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-88",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5600"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "date": "2020-07-07T09:15:10.450000",
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "date": "2024-11-21T05:34:20.490000",
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1226

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.

    CoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1226",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5598",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5598",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46800",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5598",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5598",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46800",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-307",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-5598",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5598",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "id": "VAR-202007-1226",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.595000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Access control error vulnerabilities in multiple Mitsubishi Electric products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/231115"
          },
          {
            "title": "Multiple Mitsubishi Electric Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124076"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-476",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-384",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-88",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5598"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "date": "2020-07-07T09:15:10.307000",
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "date": "2021-07-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "date": "2024-11-21T05:34:20.297000",
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1227

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.

    CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25 and GT23 (GOT2000 series) have an injection vulnerability, which can be exploited by attackers to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1227",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5599",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5599",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46799",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5599",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5599",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46799",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-309",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions in Mitsubishi Electric GT27, GT25 and GT23 (GOT2000 series) have an injection vulnerability, which can be exploited by attackers to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5599",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "id": "VAR-202007-1227",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.546000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Injection vulnerabilities in many Mitsubishi Electric products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/231121"
          },
          {
            "title": "Multiple Mitsubishi Electric Fixing measures for product injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124078"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-88",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-476",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-384",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5599"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "date": "2020-07-07T09:15:10.370000",
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "date": "2024-11-21T05:34:20.397000",
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202011-1259

    Vulnerability from variot - Updated: 2024-11-23 22:05

    Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series CPU The unit is exhausted (CWE-400) Vulnerability exists. According to the developer, the engineering tool " Web If the "whether or not server is used" setting is set to "not used", it is not affected by this vulnerability. ( The default setting is "not used" ) .. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : NEC Corporation Tomoomi Iwata Mr. A reset is required for recovery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1259",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "melsec iq-r16",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "51"
          },
          {
            "model": "melsec iq-r02",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "05"
          },
          {
            "model": "melsec iq-r01",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "05"
          },
          {
            "model": "melsec iq-r02",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "19"
          },
          {
            "model": "melsec iq-r16",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35"
          },
          {
            "model": "melsec iq-r08",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "51"
          },
          {
            "model": "melsec iq-r01",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "19"
          },
          {
            "model": "melsec iq-r04",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "51"
          },
          {
            "model": "melsec iq-r00",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "19"
          },
          {
            "model": "melsec iq-r08",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35"
          },
          {
            "model": "melsec iq-r120",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "51"
          },
          {
            "model": "melsec iq-r32",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "51"
          },
          {
            "model": "melsec iq-r120",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35"
          },
          {
            "model": "melsec iq-r04",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35"
          },
          {
            "model": "melsec iq-r32",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35"
          },
          {
            "model": "melsec iq-r00",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "05"
          },
          {
            "model": "melsec iq-r series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "r00/01/02cpu \u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u30d0\u30fc\u30b8\u30e7\u30f3 \"05\" \u304b\u3089 \"19\""
          },
          {
            "model": "melsec iq-r series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "r04/08/16/32/120(en)cpu \u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u30d0\u30fc\u30b8\u30e7\u30f3 \"35\" \u304b\u3089 \"51\""
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          }
        ]
      },
      "cve": "CVE-2020-5666",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-5666",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 5.4,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-000072",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5666",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-000072",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5666",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-000072",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202011-1002",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from \u002705\u0027 to \u002719\u0027 and R04/08/16/32/120(EN)CPU Firmware versions from \u002735\u0027 to \u002751\u0027) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series CPU The unit is exhausted (CWE-400) Vulnerability exists. According to the developer, the engineering tool \" Web If the \"whether or not server is used\" setting is set to \"not used\", it is not affected by this vulnerability. ( The default setting is \"not used\" ) .. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : NEC Corporation Tomoomi Iwata Mr. A reset is required for recovery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN44764844",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-317-01",
            "trust": 2.4
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072",
            "trust": 1.4
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4044",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "id": "VAR-202011-1259",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2024-11-23T22:05:19.579000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC iQ-R \u30b7\u30ea\u30fc\u30ba CPU \u30e6\u30cb\u30c3\u30c8\u306b\u304a\u3051\u308b\u30b5\u30fc\u30d3\u30b9\u62d2\u5426 (DoS) \u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-015.pdf"
          },
          {
            "title": "Mitsubishi Electric MELSEC iQ-R series Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135734"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-317-01"
          },
          {
            "trust": 2.4,
            "url": "https://jvn.jp/jp/jvn44764844/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-015_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn44764844/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5666"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4044/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5666"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000072.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-12T03:28:15",
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "date": "2020-11-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "date": "2020-11-16T01:15:13.327000",
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-13T02:24:14",
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "date": "2020-12-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "date": "2024-11-21T05:34:26.980000",
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MELSEC iQ-R Series sequencer  CPU Resource exhaustion vulnerability in the unit",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-0783

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a driver configuration file when initializing the BEMicroLogix component. When parsing the property TCP_IP_Address, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "e-designer",
            "scope": null,
            "trust": 3.5,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "_id": null,
            "model": "e-designer",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "mitsubishielectric",
            "version": "7.52"
          },
          {
            "_id": null,
            "model": "e-designer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "7.52 build 344"
          },
          {
            "_id": null,
            "model": "electric europe b.v. e-designer build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "7.52344"
          },
          {
            "_id": null,
            "model": "electric e-designer build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "7.52344"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "e designer",
            "version": "7.52"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:e-designer",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          }
        ],
        "trust": 3.5
      },
      "cve": "CVE-2017-9636",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-9636",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 3.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-9636",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-22836",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-9636",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2017-9636",
                "trust": 3.5,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-9636",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-9636",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22836",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-867",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-9636",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a driver configuration file when initializing the BEMicroLogix component. When parsing the property TCP_IP_Address, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636"
          }
        ],
        "trust": 5.85
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9636",
            "trust": 7.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-213-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "100097",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3802",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3794",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3795",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3800",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3801",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "DE3E14C2-EB4D-4863-9A11-51565DA2E669",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          }
        ]
      },
      "id": "VAR-201804-0783",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          }
        ],
        "trust": 1.675
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:00:37.020000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.mitsubishielectric.co.jp/fa/"
          },
          {
            "title": "Patch for Mitsubishi Electric Europe B.V. E-Designer Buffer Overflow Vulnerability (CNVD-2017-22836)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/100853"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 6.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/100097"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9636"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9636"
          },
          {
            "trust": 0.3,
            "url": "http://www.mrslim.com/home.asp"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636",
            "ident": null
          },
          {
            "db": "BID",
            "id": "100097",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-510",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-518",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-517",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-512",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-511",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22836",
            "ident": null
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9636",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "BID",
            "id": "100097",
            "ident": null
          },
          {
            "date": "2018-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013250",
            "ident": null
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-867",
            "ident": null
          },
          {
            "date": "2018-04-17T14:29:00.417000",
            "db": "NVD",
            "id": "CVE-2017-9636",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-510",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-518",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-517",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-512",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-511",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22836",
            "ident": null
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9636",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "BID",
            "id": "100097",
            "ident": null
          },
          {
            "date": "2018-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013250",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-867",
            "ident": null
          },
          {
            "date": "2024-11-21T03:36:33.803000",
            "db": "NVD",
            "id": "CVE-2017-9636",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Mitsubishi E-Designer Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201804-0782

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of TxStaticString sections of a mpa (project specification) file. An out-of-bounds value for the column specification will cause a user-supplied string to be written to an arbitrary memory address. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. Mitsubishi E-Designer version 7.52 Build 344 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0782",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "e-designer",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "mitsubishielectric",
            "version": "7.52"
          },
          {
            "model": "e-designer",
            "scope": null,
            "trust": 1.4,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "e-designer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "7.52 build 344"
          },
          {
            "model": "electric europe b.v. e-designer build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "7.52344"
          },
          {
            "model": "electric e-designer build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "7.52344"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "e designer",
            "version": "7.52"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:e-designer",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2017-9634",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-9634",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-9634",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22837",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-9634",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2017-9634",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-9634",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-9634",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22837",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-869",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-9634",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of TxStaticString sections of a mpa (project specification) file.  An out-of-bounds value for the column specification will cause a user-supplied string to be written to an arbitrary memory address.  An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. \nMitsubishi E-Designer version 7.52 Build 344 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634"
          }
        ],
        "trust": 3.96
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9634",
            "trust": 5.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-213-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "100097",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3804",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3759",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "3F385BD9-7C1C-4E38-AD57-7DB92192B1A5",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "id": "VAR-201804-0782",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          }
        ],
        "trust": 1.675
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:00:36.968000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.mitsubishielectric.co.jp/fa/"
          },
          {
            "title": "Mitsubishi Electric Europe B.V. E-Designer patch for out-of-bounds write vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/100852"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/100097"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9634"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9634"
          },
          {
            "trust": 0.3,
            "url": "http://www.mrslim.com/home.asp"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "BID",
            "id": "100097"
          },
          {
            "date": "2018-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "date": "2018-04-17T14:29:00.353000",
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "BID",
            "id": "100097"
          },
          {
            "date": "2018-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "date": "2024-11-21T03:36:33.573000",
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi E-Designer Vulnerable to out-of-bounds writing",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201804-0784

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of SetupAlarm sections of a mpa (project specification) file. When parsing the property Font, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "e-designer",
            "scope": null,
            "trust": 4.2,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "_id": null,
            "model": "e-designer",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "mitsubishielectric",
            "version": "7.52"
          },
          {
            "_id": null,
            "model": "e-designer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "7.52 build 344"
          },
          {
            "_id": null,
            "model": "electric europe b.v. e-designer build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "7.52344"
          },
          {
            "_id": null,
            "model": "electric e-designer build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "7.52344"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "e designer",
            "version": "7.52"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-508"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-509"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-516"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-514"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-513"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-515"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22835"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-865"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9638"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:e-designer",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013251"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-508"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-509"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-516"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-514"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-513"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-515"
          }
        ],
        "trust": 4.2
      },
      "cve": "CVE-2017-9638",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-9638",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 4.2,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-9638",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-22835",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "ba5b1d78-480a-4bc9-a667-e19335367d20",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-9638",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2017-9638",
                "trust": 4.2,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-9638",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-9638",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22835",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-865",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "ba5b1d78-480a-4bc9-a667-e19335367d20",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-9638",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-508"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-509"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-516"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-514"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-513"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-515"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22835"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-865"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9638"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of SetupAlarm sections of a mpa (project specification) file.  When parsing the property Font, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9638"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013251"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-508"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-509"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-516"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-514"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-513"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-515"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22835"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "IVD",
            "id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9638"
          }
        ],
        "trust": 6.48
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9638",
            "trust": 7.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-213-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "100097",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22835",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-865",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013251",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3803",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-508",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3808",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-509",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3796",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-516",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3798",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-514",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3799",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-513",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3797",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-515",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "BA5B1D78-480A-4BC9-A667-E19335367D20",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9638",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-508"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-509"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-516"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-514"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-513"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-515"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22835"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9638"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-865"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9638"
          }
        ]
      },
      "id": "VAR-201804-0784",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22835"
          }
        ],
        "trust": 1.675
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22835"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:00:36.899000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
            "trust": 4.2,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.mitsubishielectric.co.jp/fa/"
          },
          {
            "title": "Patch for Mitsubishi Electric Europe B.V. E-Designer Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/100854"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-508"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-509"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-516"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-514"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-513"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-515"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22835"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013251"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013251"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9638"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 7.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/100097"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9638"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9638"
          },
          {
            "trust": 0.3,
            "url": "http://www.mrslim.com/home.asp"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-508"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-509"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-516"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-514"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-513"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-515"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22835"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9638"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-865"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9638"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "ba5b1d78-480a-4bc9-a667-e19335367d20",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-508",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-509",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-516",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-514",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-513",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-515",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22835",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9638",
            "ident": null
          },
          {
            "db": "BID",
            "id": "100097",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013251",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-865",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9638",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "ba5b1d78-480a-4bc9-a667-e19335367d20",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-508",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-509",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-516",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-514",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-513",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-515",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22835",
            "ident": null
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9638",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "BID",
            "id": "100097",
            "ident": null
          },
          {
            "date": "2018-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013251",
            "ident": null
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-865",
            "ident": null
          },
          {
            "date": "2018-04-17T14:29:00.463000",
            "db": "NVD",
            "id": "CVE-2017-9638",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-508",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-509",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-516",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-514",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-513",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-515",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22835",
            "ident": null
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9638",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "BID",
            "id": "100097",
            "ident": null
          },
          {
            "date": "2018-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013251",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-865",
            "ident": null
          },
          {
            "date": "2024-11-21T03:36:34.040000",
            "db": "NVD",
            "id": "CVE-2017-9638",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-865"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Mitsubishi Electric Europe B.V. E-Designer Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22835"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-865"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202010-0395

    Vulnerability from variot - Updated: 2024-11-23 21:51

    Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. of multiple Mitsubishi Electric products TCP A vulnerability in session management exists in the protocol stack. This vulnerability information is provided by the developer for the purpose of dissemination to product users. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of ACK packets. When generating ACK packets, the application uses a predictable sequence number. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Mitsubishi Electric gt14 model是日本三菱电机(Mitsubishi Electric)公司的一个用于工业生产过程中提供人机交互界面的设备. Mitsubishi Electric 多个产品存在命令执行漏洞,该漏洞允许攻击者冒充合法设备,从而使攻击者能够远程执行任意命令。以下产品和版本受到影响:QJ71MES96 all versions,QJ71WS96 all versions,Q06CCPU-V all versions,Q24DHCCPU-V all versions,Q24DHCCPU-VG all versions,R12CCPU-V Version 13 and prior,RD55UP06-V Version 09 and prior,RD55UP12-V Version 01,RJ71GN11-T2 Version 11 and prior,RJ71EN71 all versions,QJ71E71-100 all versions,LJ71E71-100 all versions,QJ71MT91 all versions,RD78Gn(n=4,8,16,32,64) all versions,RD78GHV all versions,RD78GHW all versions,NZ2GACP620-60 all versions,NZ2GACP620-300 all versions,NZ2FT-MT all versions,NZ2FT-EIP all versions,Q03UDECPU the first 5 digits of serial number 22081 and prior,QnUDEHCPU(n=04/06/10/13/20/26/50/100) the first 5 digits of serial number 22081 and prior,QnUDVCPU(n=03/04/06/13/26) the first 5 digits of serial number 22031 and prior,QnUDPVCPU(n=04/06/13/26) the first 5 digits of serial number 22031 and prior,LnCPU(-P)(n=02/06/26) the first 5 digits of serial number 22051 and prior,L26CPU-(P)BT the first 5 digits of serial number 22051 and prior,RnCPU(n=00/01/02) Version 18 and prior,RnCPU(n=04/08/16/32/120) Version 50 and prior,RnENCPU(n=04/08/16/32/120) Version 50 and prior,RnSFCPU (n=08/16/32/120) Version 22 and prior,RnPCPU(n=08/16/32/120) Version 24 and prior,RnPSFCPU(n=08/16/32/120) Version 05 and prior,FX5U(C)-M*/,FX5UC-32M/-TS Version 1.210 and prior,FX5UJ-M/ Version 1.000,FX5-ENET Version 1.002 and prior,FX5-ENET/IP Version 1.002 and prior,FX3U-ENET-ADP Version 1.22 and prior,FX3GE-M/* the first 3 digits of serial number 20X and prior,FX3U-ENET Version 1.14 and prior,FX3U-ENET-L Version 1.14 and prior,FX3U-ENET-P502 Version 1.14 and prior,FX5-CCLGN-MS Version 1.000,IU1-1M20-D all versions,LE7-40GU-L all versions,GOT2000 Series GT21 Model all versions,GS Series all versions,GOT1000 Series GT14 Model all versions,GT25-J71GN13-T2 all versions,FR-A800-E Series production date December 2020 and prior,FR-F800-E Series production date December 2020 and prior,FR-A8NCG Production date August 2020 and prior,FR-E800-EPA Series Production date July 2020 and prior,FR-E800-EPB Series Production date July 2020 and prior,Conveyor Tracking Application APR-nTR3FH APR-nTR6FH APR-nTR12FH APR-nTR20FH(n=1,2) all versions (Discontinued product),MR-JE-C all versions,MR-J4-TM all versions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0395",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fr-f842-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "rnpsfcpu\\",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "qj71ws96",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx3g-14mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fr-f860-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "q24dhccpu-v",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5uj-24mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.000"
          },
          {
            "model": "fx3u-enet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "q24dhccpu-vg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "rnpcpu\\",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "got2000 series gt21",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx3g-60mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5-enet-adp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fr-a860-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "rd55up06-v",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx3g-40mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx3g-40mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5uc-32mr\\/ds-ts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.210"
          },
          {
            "model": "got1000 series gt14",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "conveyor tracking application apr-ntr12fh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "rd78ghv",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fr-f820-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fr-f840-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "qnudehcpu\\",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "22081"
          },
          {
            "model": "qnudpvcpu\\",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "22031"
          },
          {
            "model": "fx5uj-24mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.000"
          },
          {
            "model": "nz2gacp620-60",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "rnsfcpu \\",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "rj71en71",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5-enet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fr-a862-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mr-j4-tm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "r12ccpu-v",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mr-je-c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx3g-40mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5uj-40mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.000"
          },
          {
            "model": "fx3g-32 mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "qnudvcpu\\",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "22031"
          },
          {
            "model": "lj71e71-100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5uj-40mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.000"
          },
          {
            "model": "fx5uc-32mt\\/d",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.210"
          },
          {
            "model": "fx5uj-60mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.000"
          },
          {
            "model": "fx3g-14mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx3g-14mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5-cclgn-ms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fr-a8ncge",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "2020-08"
          },
          {
            "model": "qj71mt91",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fr-a820-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5uj-60mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.000"
          },
          {
            "model": "fr-e800-epa",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "2020-07"
          },
          {
            "model": "got simple series gs21",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fr-e800-epb",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "2020-07"
          },
          {
            "model": "fx3g-14mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "rj71gn11-t2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx3g-40mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "le7-40gu-l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5uj-40mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.000"
          },
          {
            "model": "iu1-1m20-d",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "nz2gacp620-300",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "l26cpu-\\ bt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "22051"
          },
          {
            "model": "nz2ft-mt",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "q06ccpu-v",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fr-f862-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "conveyor tracking application apr-ntr6fh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "rd78gn\\",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx3g-24mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "lncpu\\ \\",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "22051"
          },
          {
            "model": "fx3g-60mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "conveyor tracking application apr-ntr3fh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx3g-24mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "conveyor tracking application apr-ntr20fh\\",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-enet-l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fr-a842-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fr-a840-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx3g-60mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "rd78ghw",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5uc-32mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.210"
          },
          {
            "model": "rncpu\\ t",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "18"
          },
          {
            "model": "fx3u-enet-p502",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "gt25-j71gn13-t2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5uc-32mt\\/ds-ts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.210"
          },
          {
            "model": "q03udecpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "22081"
          },
          {
            "model": "fx5uj-60mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.000"
          },
          {
            "model": "fx5uc-32mt\\/dss-ts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.210"
          },
          {
            "model": "fx5-enet\\/ip",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx3g-60mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "rncpu\\",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "50"
          },
          {
            "model": "fx3g-24mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "rnencpu\\",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "50"
          },
          {
            "model": "qj71mes96",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "fx5uj-24mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.000"
          },
          {
            "model": "rd55up12-v",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "nz2ft-eip",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "(multiple products)"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * ac the servo  melservo"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * lossnay central ventilation system"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * display  got"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * air conditioning control system  / centralized controller"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * air conditioning control system  / expansion controller"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * energy measurement unit"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "affected products    s vary widely. for more information, please check the information provided by the developer."
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * range hood fan"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * data collection analyzer  melqic"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * hems compatible adapter, lan adapter"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * air conditioning control system  / bm adapter"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * room air conditioner"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * bath drying/heating/ventilation system"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * solar power system color monitor eco guide"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * ventilation fan for duct"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * tension controller"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * inverter  freqrol"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * mitsubishi energy saving dem  monitoring server  e-energy"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "it was * robot  melfa"
          },
          {
            "model": "melsec iq-f",
            "scope": null,
            "trust": 0.7,
            "vendor": "mitsubishi electric",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008251"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16226"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ta-Lun Yen of TXOne IoT/ICS Security Research Labs (Trend Micro)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1207"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-16226",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-16226",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-16226",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2020-16226",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-16226",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-16226",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-16226",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-16226",
                "trust": 0.7,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202009-074",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-16226",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-16226"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16226"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. of multiple Mitsubishi Electric products TCP A vulnerability in session management exists in the protocol stack. This vulnerability information is provided by the developer for the purpose of dissemination to product users. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of ACK packets. When generating ACK packets, the application uses a predictable sequence number. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Mitsubishi Electric gt14 model\u662f\u65e5\u672c\u4e09\u83f1\u7535\u673a\uff08Mitsubishi Electric\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u5de5\u4e1a\u751f\u4ea7\u8fc7\u7a0b\u4e2d\u63d0\u4f9b\u4eba\u673a\u4ea4\u4e92\u754c\u9762\u7684\u8bbe\u5907. \nMitsubishi Electric \u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u5192\u5145\u5408\u6cd5\u8bbe\u5907\uff0c\u4ece\u800c\u4f7f\u653b\u51fb\u8005\u80fd\u591f\u8fdc\u7a0b\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u4ee5\u4e0b\u4ea7\u54c1\u548c\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aQJ71MES96 all versions\uff0cQJ71WS96 all versions\uff0cQ06CCPU-V all versions\uff0cQ24DHCCPU-V all versions\uff0cQ24DHCCPU-VG all versions\uff0cR12CCPU-V Version 13 and prior\uff0cRD55UP06-V Version 09 and prior\uff0cRD55UP12-V Version 01\uff0cRJ71GN11-T2 Version 11 and prior\uff0cRJ71EN71 all versions\uff0cQJ71E71-100 all versions\uff0cLJ71E71-100 all versions\uff0cQJ71MT91 all versions\uff0cRD78Gn(n=4,8,16,32,64) all versions\uff0cRD78GHV all versions\uff0cRD78GHW all versions\uff0cNZ2GACP620-60 all versions\uff0cNZ2GACP620-300 all versions\uff0cNZ2FT-MT all versions\uff0cNZ2FT-EIP all versions\uff0cQ03UDECPU the first 5 digits of serial number 22081 and prior\uff0cQnUDEHCPU(n=04/06/10/13/20/26/50/100) the first 5 digits of serial number 22081 and prior\uff0cQnUDVCPU(n=03/04/06/13/26) the first 5 digits of serial number 22031 and prior\uff0cQnUDPVCPU(n=04/06/13/26) the first 5 digits of serial number 22031 and prior\uff0cLnCPU(-P)(n=02/06/26) the first 5 digits of serial number 22051 and prior\uff0cL26CPU-(P)BT the first 5 digits of serial number 22051 and prior\uff0cRnCPU(n=00/01/02) Version 18 and prior\uff0cRnCPU(n=04/08/16/32/120) Version 50 and prior\uff0cRnENCPU(n=04/08/16/32/120) Version 50 and prior\uff0cRnSFCPU (n=08/16/32/120) Version 22 and prior\uff0cRnPCPU(n=08/16/32/120) Version 24 and prior\uff0cRnPSFCPU(n=08/16/32/120) Version 05 and prior\uff0cFX5U(C)-**M*/**\uff0cFX5UC-32M*/**-TS Version 1.210 and prior\uff0cFX5UJ-**M*/** Version 1.000\uff0cFX5-ENET Version 1.002 and prior\uff0cFX5-ENET/IP Version 1.002 and prior\uff0cFX3U-ENET-ADP Version 1.22 and prior\uff0cFX3GE-**M*/** the first 3 digits of serial number 20X and prior\uff0cFX3U-ENET Version 1.14 and prior\uff0cFX3U-ENET-L Version 1.14 and prior\uff0cFX3U-ENET-P502 Version 1.14 and prior\uff0cFX5-CCLGN-MS Version 1.000\uff0cIU1-1M20-D all versions\uff0cLE7-40GU-L all versions\uff0cGOT2000 Series GT21 Model all versions\uff0cGS Series all versions\uff0cGOT1000 Series GT14 Model all versions\uff0cGT25-J71GN13-T2 all versions\uff0cFR-A800-E Series production date December 2020 and prior\uff0cFR-F800-E Series production date December 2020 and prior\uff0cFR-A8NCG Production date August 2020 and prior\uff0cFR-E800-EPA Series Production date July 2020 and prior\uff0cFR-E800-EPB Series Production date July 2020 and prior\uff0cConveyor Tracking Application APR-nTR3FH APR-nTR6FH APR-nTR12FH APR-nTR20FH(n=1,2) all versions (Discontinued product)\uff0cMR-JE-C all versions\uff0cMR-J4-TM all versions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-16226"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008251"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1207"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-074"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-16226"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-16226",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-245-01",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU93926439",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008251",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10966",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1207",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3041",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4767",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-074",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-16226",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-16226"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16226"
          }
        ]
      },
      "id": "VAR-202010-0395",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.41666666
      },
      "last_update_date": "2024-11-23T21:51:16.463000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "of our products TCP Spoofing Vulnerability in Protocol Stack",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-009.pdf"
          },
          {
            "title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01"
          },
          {
            "title": "mitsubishielectric Fixes for remote command execution vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=127702"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-074"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-342",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008251"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16226"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93926439/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3041/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16226"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4767"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/342.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-245-01"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-16226"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16226"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-16226"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16226"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-08T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1207"
          },
          {
            "date": "2020-10-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-16226"
          },
          {
            "date": "2020-09-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008251"
          },
          {
            "date": "2020-09-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202009-074"
          },
          {
            "date": "2020-10-05T18:15:13.133000",
            "db": "NVD",
            "id": "CVE-2020-16226"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1207"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-16226"
          },
          {
            "date": "2022-09-26T08:55:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008251"
          },
          {
            "date": "2022-09-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202009-074"
          },
          {
            "date": "2024-11-21T05:06:58.517000",
            "db": "NVD",
            "id": "CVE-2020-16226"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-074"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "of multiple Mitsubishi Electric products \u00a0TCP\u00a0 Session management flaw in protocol stack",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008251"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Command execution",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-074"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-1411

    Vulnerability from variot - Updated: 2024-11-23 20:02

    When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R , iQ-F , Q , L , F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company.

    Many Mitsubishi Electric products have resource management error vulnerabilities

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1411",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cr800-q",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q25prhcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r32encpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q12prhcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-pbt",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q26dhccpu-ls",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r16encpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l06cpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q12dccpu-v",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q25phcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r32cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r120encpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r120cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q02phcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q24dhccpu-ls",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l06cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r08cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q172dscpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r00cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-bt",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r04encpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02cpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q24dhccpu-vg2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q12phcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r16cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3gc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q24dhccpu-v",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r01cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r02cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q06phcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q173nccpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q173dscpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r08encpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02scpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02scpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "r04cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "melsec f series",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "melsec iq-f series",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "melsec iq-r series",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "melsec l series",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "melsec q series",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric melsec iq-r series",
            "scope": null,
            "trust": 0.6,
            "vendor": "misubishi",
            "version": null
          },
          {
            "model": "electric melsec iq-f series",
            "scope": null,
            "trust": 0.6,
            "vendor": "misubishi",
            "version": null
          },
          {
            "model": "electric melsec q series",
            "scope": null,
            "trust": 0.6,
            "vendor": "misubishi",
            "version": null
          },
          {
            "model": "electric melsec l series",
            "scope": null,
            "trust": 0.6,
            "vendor": "misubishi",
            "version": null
          },
          {
            "model": "electric melsec f series",
            "scope": null,
            "trust": 0.6,
            "vendor": "misubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_f_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          }
        ]
      },
      "cve": "CVE-2020-5527",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5527",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-002958",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-29576",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5527",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-002958",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5527",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-002958",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-29576",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-1699",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R \uff0c iQ-F \uff0c Q \uff0c L \uff0c F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company. \n\r\n\r\nMany Mitsubishi Electric products have resource management error vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5527",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU91553662",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-091-02",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1157",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "id": "VAR-202003-1411",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:02:16.059000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSOFT\u4ea4\u4fe1\u30dd\u30fc\u30c8\uff08UDP/IP\uff09\u306b\u304a\u3051\u308b\u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-005.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu91553662/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5527"
          },
          {
            "trust": 0.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-091-02"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91553662/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5527"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1157/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "date": "2020-03-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "date": "2020-03-30T08:15:17.640000",
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-29576"
          },
          {
            "date": "2020-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          },
          {
            "date": "2024-11-21T05:34:13.020000",
            "db": "NVD",
            "id": "CVE-2020-5527"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  MELSEC Of the series  MELSOFT Resource exhaustion vulnerability in communication ports",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-002958"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1699"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202211-1878

    Vulnerability from variot - Updated: 2024-08-14 15:42

    Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.If the product receives a specially crafted packet by a remote third party, the product will cause a denial of service. (DoS) may become a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1878",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r32encpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "65"
          },
          {
            "model": "r04encpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "65"
          },
          {
            "model": "r120encpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "65"
          },
          {
            "model": "r08encpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "65"
          },
          {
            "model": "rj71en71",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "65"
          },
          {
            "model": "r16encpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "65"
          },
          {
            "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "melsec iq-r  series  r04/08/16/32/120encpu ( network department )  firmware    \"65\"  and earlier"
          },
          {
            "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "melsec iq-r  series  rj71en71  firmware    \"65\"  and earlier"
          },
          {
            "model": "melsec iq-r04",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": "\u003c=65"
          },
          {
            "model": "melsec iq-r08",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": "\u003c=65"
          },
          {
            "model": "melsec iq-r16",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": "\u003c=65"
          },
          {
            "model": "melsec iq-r32",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": "\u003c=65"
          },
          {
            "model": "melsec iq-r120encpu",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": "\u003c=65"
          },
          {
            "model": "melsec iq-rj71en71",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": "\u003c=65"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-85487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002767"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40265"
          }
        ]
      },
      "cve": "CVE-2022-40265",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-85487",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-40265",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-40265",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.6,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002767",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-40265",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
                "id": "CVE-2022-40265",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002767",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-85487",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202211-3700",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-85487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002767"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3700"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40265"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40265"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \"65\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \"65\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.If the product receives a specially crafted packet by a remote third party, the product will cause a denial of service. (DoS) may become a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-40265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002767"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-85487"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40265"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-40265",
            "trust": 3.9
          },
          {
            "db": "JVN",
            "id": "JVNVU94702422",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-335-01",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002767",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-85487",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6281",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3700",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40265",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-85487"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002767"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3700"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40265"
          }
        ]
      },
      "id": "VAR-202211-1878",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-85487"
          }
        ],
        "trust": 1.5166666666666666
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-85487"
          }
        ]
      },
      "last_update_date": "2024-08-14T15:42:05.936000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC\u00a0iQ-R\u00a0 series \u00a0Ethernet\u00a0 Denial of Service on Interface Units (DoS) Vulnerability",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-017.pdf"
          },
          {
            "title": "Patch for Mitsubishi Electric Corporation MELSEC iQ-R Series Input Validation Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/365051"
          },
          {
            "title": "Mitsubishi Electric MELSEC iQ-R series Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=216560"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-85487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002767"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3700"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002767"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40265"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://jvn.jp/vu/jvnvu94702422"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf"
          },
          {
            "trust": 0.9,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-01"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94702422/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40265"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6281"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-40265/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-85487"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002767"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3700"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40265"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-85487"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002767"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3700"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40265"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-85487"
          },
          {
            "date": "2022-11-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-40265"
          },
          {
            "date": "2022-11-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002767"
          },
          {
            "date": "2022-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-3700"
          },
          {
            "date": "2022-11-30T01:15:09.873000",
            "db": "NVD",
            "id": "CVE-2022-40265"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-85487"
          },
          {
            "date": "2022-11-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-40265"
          },
          {
            "date": "2022-12-16T01:17:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002767"
          },
          {
            "date": "2022-12-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-3700"
          },
          {
            "date": "2022-12-06T19:36:10.460000",
            "db": "NVD",
            "id": "CVE-2022-40265"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3700"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric \u00a0MELSEC\u00a0iQ-R\u00a0 series \u00a0Ethernet\u00a0 Improper Input Validation Vulnerability in Interface Unit",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002767"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-3700"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2022-40266 (GCVE-0-2022-40266)

    Vulnerability from nvd – Published: 2022-11-24 08:20 – Updated: 2025-04-25 17:56
    VLAI
    Title
    Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series
    Summary
    Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric GOT2000 Series GT27 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT25 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT23 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:14:39.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95633416"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T17:56:28.262332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T17:56:41.874Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GOT2000 Series GT27 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT25 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT23 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
                }
              ],
              "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-24T08:20:14.606Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU95633416"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-40266",
        "datePublished": "2022-11-24T08:20:14.606Z",
        "dateReserved": "2022-09-08T19:40:16.931Z",
        "dateUpdated": "2025-04-25T17:56:41.874Z",
        "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-40266 (GCVE-0-2022-40266)

    Vulnerability from cvelistv5 – Published: 2022-11-24 08:20 – Updated: 2025-04-25 17:56
    VLAI
    Title
    Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series
    Summary
    Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Mitsubishi Electric GOT2000 Series GT27 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT25 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Mitsubishi Electric GOT2000 Series GT23 model Affected: FTP server versions 01.39.000 and prior
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:14:39.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95633416"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T17:56:28.262332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T17:56:41.874Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GOT2000 Series GT27 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT25 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            },
            {
              "product": "GOT2000 Series GT23 model",
              "vendor": "Mitsubishi Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "FTP server versions 01.39.000 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
                }
              ],
              "value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-24T08:20:14.606Z",
            "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
            "shortName": "Mitsubishi"
          },
          "references": [
            {
              "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU95633416"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "assignerShortName": "Mitsubishi",
        "cveId": "CVE-2022-40266",
        "datePublished": "2022-11-24T08:20:14.606Z",
        "dateReserved": "2022-09-08T19:40:16.931Z",
        "dateUpdated": "2025-04-25T17:56:41.874Z",
        "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }