Find a vulnerability
Search criteria
90 vulnerabilities by Mitsubishi Electric
JVNDB-2026-000017
Vulnerability from jvndb - Published: 2026-02-03 14:57 - Updated:2026-02-05 14:41- Incorrect default permissions (CWE-276) - CVE-2025-10314
| Type | URL | |
|---|---|---|
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000017.html",
"dc:date": "2026-02-05T14:41+09:00",
"dcterms:issued": "2026-02-03T14:57+09:00",
"dcterms:modified": "2026-02-05T14:41+09:00",
"description": "Mitsubishi small-capacity UPS shutdown software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation contains the following vulnerability.\u003cul\u003e\u003cli\u003eIncorrect default permissions (CWE-276) - CVE-2025-10314\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000017.html",
"sec:cpe": {
"#text": "cpe:/a:mitsubishielectric:freqship-mini",
"@product": "FREQSHIP-mini",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000017",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN64883963/index.html",
"@id": "JVN#64883963",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-10314",
"@id": "CVE-2025-10314",
"@source": "CVE"
},
{
"#text": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-01",
"@id": "ICSA-26-034-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows"
}
VAR-201902-0127
Vulnerability from variot - Updated: 2025-06-27 23:05Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication. plural Mitsubishi Electric Q Series products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Misubishi Electric Q03UDVCPU, etc. are all PLC (programmable logic controller) products of Japan's Mitsubishi Electric (Misubishi Electric) company. Security flaws exist in several Misubishi products. A remote attacker could exploit this vulnerability by sending a specially crafted packet to cause Ethernet to stop communicating. The following products are affected: Misubishi Q03UDVCPU; Q04UDVCPU; Q06UDVCPU; Q13UDVCPU; Q26UDPVCPU; Q03UDECPU;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "q06udpvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q100udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q26udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q13udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q04udpvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q26udpvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q04udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q20udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q10udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q06udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q06udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q26udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q13udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q04udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q03udecpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q50udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q03udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q13udpvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q03udecpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q03udvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q04udpvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q04udvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q06udpvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q06udvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q13udpvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q13udvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q26udpvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q26udvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric q04/06/13/26udpvcpu",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20081"
},
{
"model": "electric q04/06/10/13/20/26/50/100udehcpu",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20101"
},
{
"model": "electric q03udecpu",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20101"
},
{
"model": "electric q03/04/06/13/26udvcpu",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20081"
}
],
"sources": [
{
"db": "BID",
"id": "106771"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q03udecpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q03udvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q04udpvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q04udvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q06udpvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q06udvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q13udpvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q13udvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q26udpvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q26udvcpu_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tri Quach of Amazon???s Customer Fulfillment Technology Security (CFTS),Tri Quach of Amazon???s Customer Fulfillment Technology Security (CFTS)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6535",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6535",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-157970",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6535",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6535",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6535",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2019-6535",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6535",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-973",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-157970",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157970"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication. plural Mitsubishi Electric Q Series products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. Misubishi Electric Q03UDVCPU, etc. are all PLC (programmable logic controller) products of Japan\u0027s Mitsubishi Electric (Misubishi Electric) company. Security flaws exist in several Misubishi products. A remote attacker could exploit this vulnerability by sending a specially crafted packet to cause Ethernet to stop communicating. The following products are affected: Misubishi Q03UDVCPU; Q04UDVCPU; Q06UDVCPU; Q13UDVCPU; Q26UDPVCPU; Q03UDECPU;",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6535"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "BID",
"id": "106771"
},
{
"db": "VULHUB",
"id": "VHN-157970"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6535",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-029-02",
"trust": 2.8
},
{
"db": "BID",
"id": "106771",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-98808",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-157970",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157970"
},
{
"db": "BID",
"id": "106771"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"id": "VAR-201902-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-157970"
}
],
"trust": 0.85
},
"last_update_date": "2025-06-27T23:05:24.314000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC-Q\u30b7\u30ea\u30fc\u30ba",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/fa/products/cnt/plcq/items/index.html"
},
{
"title": "Multiple Misubishi Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89040"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157970"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-029-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/106771"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6535"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6535"
},
{
"trust": 0.3,
"url": "http://www.mitsubishi-automation.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157970"
},
{
"db": "BID",
"id": "106771"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-157970"
},
{
"db": "BID",
"id": "106771"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157970"
},
{
"date": "2019-01-29T00:00:00",
"db": "BID",
"id": "106771"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"date": "2019-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"date": "2019-02-05T19:29:00.243000",
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-157970"
},
{
"date": "2019-01-29T00:00:00",
"db": "BID",
"id": "106771"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"date": "2025-06-26T18:15:21.017000",
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Mitsubishi Electric Q Vulnerability related to resource depletion in series products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
}
],
"trust": 0.6
}
}
VAR-201702-0077
Vulnerability from variot - Updated: 2025-04-20 23:34An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploits a vulnerability to perform an unauthorized operation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "electric qj71e71-100",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "electric qj71e71-b2",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "electric qj71e71-b5",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 b5",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 b2",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b5_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vladimir Dashchenko of Critical Infrastructure Defense Team",
"sources": [
{
"db": "BID",
"id": "94632"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8370",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8370",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2016-007661",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11833",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97190",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8370",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-007661",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8370",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-007661",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-11833",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-463",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97190",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "VULHUB",
"id": "VHN-97190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploits a vulnerability to perform an unauthorized operation",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8370"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "VULHUB",
"id": "VHN-97190"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8370",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-336-03",
"trust": 3.4
},
{
"db": "BID",
"id": "94632",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-11833",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99901500",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661",
"trust": 0.8
},
{
"db": "IVD",
"id": "E9B21E03-B557-44EB-B380-01D11C51C00C",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-97190",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "VULHUB",
"id": "VHN-97190"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"id": "VAR-201702-0077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "VULHUB",
"id": "VHN-97190"
}
],
"trust": 1.7055555333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
}
]
},
"last_update_date": "2025-04-20T23:34:29.489000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u4e09\u83f1\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/JVNVU99901500/479518/index.html"
},
{
"title": "Multiple Mitsubishi Electric MELSEC-Q series products have patches for security bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/84929"
},
{
"title": "Multiple Mitsubishi Electric Automation MELSEC-Q Repair measures for series product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67753"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.9
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-412",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94632"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8370"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8368"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99901500/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8370"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8368"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "VULHUB",
"id": "VHN-97190"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "VULHUB",
"id": "VHN-97190"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-05T00:00:00",
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"date": "2016-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97190"
},
{
"date": "2016-12-01T00:00:00",
"db": "BID",
"id": "94632"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"date": "2017-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"date": "2017-02-13T21:59:01.220000",
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"date": "2017-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-97190"
},
{
"date": "2016-12-20T00:06:00",
"db": "BID",
"id": "94632"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"date": "2021-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELSEC-Q Series Ethernet Multiple vulnerabilities in interface module",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
}
],
"trust": 0.6
}
}
VAR-201702-0075
Vulnerability from variot - Updated: 2025-04-20 23:34An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploiting a vulnerability can result in a denial of service condition. Attackers can exploit these issues to perform unauthorized actions or cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "electric qj71e71-100",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "electric qj71e71-b2",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "electric qj71e71-b5",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 b5",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 b2",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b5_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vladimir Dashchenko of Critical Infrastructure Defense Team",
"sources": [
{
"db": "BID",
"id": "94632"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8368",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8368",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2016-007661",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11832",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-97188",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8368",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-007661",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8368",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-007661",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-11832",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-009",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97188",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "VULHUB",
"id": "VHN-97188"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploiting a vulnerability can result in a denial of service condition. \nAttackers can exploit these issues to perform unauthorized actions or cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8368"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "VULHUB",
"id": "VHN-97188"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8368",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-336-03",
"trust": 3.4
},
{
"db": "BID",
"id": "94632",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-11832",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99901500",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661",
"trust": 0.8
},
{
"db": "IVD",
"id": "218C8DDF-AE70-4D34-AB2C-7271D1A5A80F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-97188",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "VULHUB",
"id": "VHN-97188"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"id": "VAR-201702-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "VULHUB",
"id": "VHN-97188"
}
],
"trust": 1.7055555333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
}
]
},
"last_update_date": "2025-04-20T23:34:29.448000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u4e09\u83f1\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/JVNVU99901500/479518/index.html"
},
{
"title": "Patches for multiple service violations in multiple Mitsubishi Electric MELSEC-Q series products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/84928"
},
{
"title": "Mitsubishi Electric MELSEC-Q Series Product Security Bypass Vulnerabilities and Remediation Measures for Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65991"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-662",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.9
},
{
"problemtype": "CWE-412",
"trust": 0.8
},
{
"problemtype": "CWE-327",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97188"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94632"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8370"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8368"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99901500/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8370"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8368"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "VULHUB",
"id": "VHN-97188"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "VULHUB",
"id": "VHN-97188"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-05T00:00:00",
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"date": "2016-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97188"
},
{
"date": "2016-12-01T00:00:00",
"db": "BID",
"id": "94632"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"date": "2017-02-13T21:59:01.173000",
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"date": "2017-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-97188"
},
{
"date": "2016-12-20T00:06:00",
"db": "BID",
"id": "94632"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELSEC-Q Series Ethernet Multiple vulnerabilities in interface module",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
}
],
"trust": 0.8
}
}
VAR-201510-0694
Vulnerability from variot - Updated: 2025-04-12 23:27The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. Mitsubishi Electric MELSEC FX3G PLC is a programmable logic controller (PLC) product of the MELSEC FX series from Mitsubishi Electric Corporation of Japan. Mitsubishi Melsec FX3G-24M and FX3U-ENET-ADP are prone to multiple denial-of-service vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0694",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec fx3g",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec fx3g series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "(2015 year 4 before the month )"
},
{
"model": "electric europe b.v. melsec fx3g plc",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec fx3g-24m",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "2.10"
},
{
"model": "electric melsec fx3g series plc",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "electric fx3u-enet-adp",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "1.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "melsec fx3g",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "BID",
"id": "76885"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:mitsubishielectric:melsec_fx3g",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ralf Spenneberg",
"sources": [
{
"db": "BID",
"id": "76885"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3938",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-3938",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06525",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "7090b600-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3938",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-3938",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-06525",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-031",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. Mitsubishi Electric MELSEC FX3G PLC is a programmable logic controller (PLC) product of the MELSEC FX series from Mitsubishi Electric Corporation of Japan. Mitsubishi Melsec FX3G-24M and FX3U-ENET-ADP are prone to multiple denial-of-service vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3938"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "BID",
"id": "76885"
},
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3938",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-146-01",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2015-06525",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088",
"trust": 0.8
},
{
"db": "BID",
"id": "76885",
"trust": 0.3
},
{
"db": "IVD",
"id": "7090B600-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "BID",
"id": "76885"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"id": "VAR-201510-0694",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
}
],
"trust": 1.59166665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
}
]
},
"last_update_date": "2025-04-12T23:27:32.620000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/"
},
{
"title": "\u30b7\u30fc\u30b1\u30f3\u30b5 MELSEC",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/products/cnt/plc/index.html"
},
{
"title": "Mitsubishi Electric MELSEC FX3G PLC Device Resource Management Error Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/65065"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-146-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3938"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3938"
},
{
"trust": 0.3,
"url": "http://www.os-s.net/advisories/mitsubishi_fx3ge_parameter_error-engl.pdf"
},
{
"trust": 0.3,
"url": "http://www.mitsubishi-automation.com/products/software_mx_components_content.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "BID",
"id": "76885"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "BID",
"id": "76885"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-15T00:00:00",
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"date": "2015-09-29T00:00:00",
"db": "BID",
"id": "76885"
},
{
"date": "2015-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"date": "2015-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"date": "2015-10-06T01:59:07.157000",
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"date": "2015-11-03T19:51:00",
"db": "BID",
"id": "76885"
},
{
"date": "2015-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"date": "2015-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELSEC FX3G PLC Device Resource Management Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
}
],
"trust": 0.8
}
}
VAR-201209-0581
Vulnerability from variot - Updated: 2025-04-11 23:20Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. CitectSCADA is software for providing monitoring and control functions in the Data Acquisition and Monitoring System (SCADA). A buffer overflow vulnerability exists in CitectSCADA and Mitsubishi MX4 SCADA version 7.10. This vulnerability affects the Batch server module, which can be exploited by an attacker to run arbitrary code in the context of an application, and a failed attack attempt will result in a denial of service. CitectSCADA is an industrial control software used by Mitsubishi MX4 and Schneider Electric. Careful construction of string data can execute arbitrary code in the application context. CitectSCADA and Mitsubishi MX4 SCADA are prone to a buffer-overflow vulnerability that affects the Batch server module. Failed exploit attempts will result in a denial-of-service condition. The following versions are vulnerable: CitectSCADA 7.10 and prior Mitsubishi MX4 SCADA 7.10 and prior. Citectscada is prone to a local security vulnerability. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Schneider Electric CitectSCADA Batch Server Login Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46779
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46779/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46779
RELEASE DATE: 2011-11-09
DISCUSS ADVISORY: http://secunia.com/advisories/46779/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46779/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46779
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Schneider Electric CitectSCADA, which can be exploited by malicious people to compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code.
SOLUTION: Update to a fixed version. Please contact the vendor for details.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Taiwan\x92s Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: CitectSCADA: http://www.citect.com/citectscada-batch
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
The application bundles a vulnerable version of CitectSCADA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0581",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mx4 scada",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishi automation",
"version": "7.10"
},
{
"model": "citectscada",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "7.10"
},
{
"model": "mx4 scada",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi automation",
"version": "7.10"
},
{
"model": "electric citectscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider",
"version": "7.1"
},
{
"model": "citectscada",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "7.20"
},
{
"model": "mx4 scada",
"scope": "lt",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "7.20"
},
{
"model": "citectscada",
"scope": "eq",
"trust": 0.6,
"vendor": "citect",
"version": "7.x"
},
{
"model": "electric citectscada",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider",
"version": "7.10"
},
{
"model": "electric mx4 scada",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "7.10"
},
{
"model": "citectscada",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mx4 scada",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "citectscada",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "citect",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "citectscada",
"version": "7.x"
}
],
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "BID",
"id": "50604"
},
{
"db": "BID",
"id": "77854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:citectscada",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:mx4_scada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung",
"sources": [
{
"db": "BID",
"id": "50604"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
}
],
"trust": 0.9
},
"cve": "CVE-2011-5163",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2011-5163",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2011-5807",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "5faca590-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-53108",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-5163",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-5163",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2011-5807",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-330",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-53108",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. CitectSCADA is software for providing monitoring and control functions in the Data Acquisition and Monitoring System (SCADA). A buffer overflow vulnerability exists in CitectSCADA and Mitsubishi MX4 SCADA version 7.10. This vulnerability affects the Batch server module, which can be exploited by an attacker to run arbitrary code in the context of an application, and a failed attack attempt will result in a denial of service. CitectSCADA is an industrial control software used by Mitsubishi MX4 and Schneider Electric. Careful construction of string data can execute arbitrary code in the application context. CitectSCADA and Mitsubishi MX4 SCADA are prone to a buffer-overflow vulnerability that affects the Batch server module. Failed exploit attempts will result in a denial-of-service condition. \nThe following versions are vulnerable:\nCitectSCADA 7.10 and prior\nMitsubishi MX4 SCADA 7.10 and prior. Citectscada is prone to a local security vulnerability. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nSchneider Electric CitectSCADA Batch Server Login Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46779\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46779/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46779\n\nRELEASE DATE:\n2011-11-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46779/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46779/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46779\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Schneider Electric CitectSCADA,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nSOLUTION:\nUpdate to a fixed version. Please contact the vendor for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Taiwan\\x92s Information and\nCommunication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nCitectSCADA:\nhttp://www.citect.com/citectscada-batch\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe application bundles a vulnerable version of CitectSCADA",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5163"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "BID",
"id": "50604"
},
{
"db": "BID",
"id": "77854"
},
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "PACKETSTORM",
"id": "106802"
},
{
"db": "PACKETSTORM",
"id": "106806"
}
],
"trust": 4.05
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-11-279-02",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2011-5163",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "46779",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1026306",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "46786",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "76937",
"trust": 1.7
},
{
"db": "BID",
"id": "50604",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2011-4804",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5807",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254",
"trust": 0.6
},
{
"db": "BID",
"id": "77854",
"trust": 0.4
},
{
"db": "IVD",
"id": "5FACA590-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "B0D03A04-1F7F-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "65AE310C-1F7F-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-53108",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106802",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106806",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "BID",
"id": "50604"
},
{
"db": "BID",
"id": "77854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "PACKETSTORM",
"id": "106802"
},
{
"db": "PACKETSTORM",
"id": "106806"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"id": "VAR-201209-0581",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "VULHUB",
"id": "VHN-53108"
}
],
"trust": 2.638095215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.8
}
],
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
}
]
},
"last_update_date": "2025-04-11T23:20:36.883000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CitectScada V7.20 Service Pack 3",
"trust": 0.8,
"url": "http://www.downloads.schneider-electric.com/sites/oreo/ww/document-detail.page?p_docId=4660520\u0026p_Conf=i#http://www.downloads.schneider-electric.com"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/"
},
{
"title": "\u30b5\u30dd\u30fc\u30c8",
"trust": 0.8,
"url": "http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page"
},
{
"title": "Mitsubishi MX4 SCADA",
"trust": 0.8,
"url": "http://www.mitsubishi-automation.com/products/software_MX4_content.htm"
},
{
"title": "Product Safety Notice",
"trust": 0.8,
"url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026doc_type=safety\u0026scat=2\u0026sstr=MX4,SCADA"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/jp/"
},
{
"title": "Patch for CitectSCADA and Mitsubishi MX4 SCADA Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/36929"
},
{
"title": "Patch for Schneider Electric/Mitsubishi MX4 CitectSCADA Batch Server Login Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/5857"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-02.pdf"
},
{
"trust": 2.1,
"url": "http://www.citect.com/citectscada-batch"
},
{
"trust": 2.0,
"url": "http://www.securitytracker.com/id?1026306"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/76937"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/46779"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/46786"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/50604"
},
{
"trust": 1.0,
"url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026doc_type=safety\u0026scat=2\u0026sstr=mx4%2cscada"
},
{
"trust": 0.9,
"url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026doc_type=safety\u0026scat=2\u0026sstr=mx4,scada"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5163"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5163"
},
{
"trust": 0.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-02.pdfhttp"
},
{
"trust": 0.3,
"url": "http://www.citect.com/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
},
{
"trust": 0.1,
"url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026amp;doc_type=safety\u0026amp;scat=2\u0026amp;sstr=mx4,scada"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46779/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46779/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46779"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46786"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46786/#comments"
},
{
"trust": 0.1,
"url": "https://my.mitsubishi-automation.com/downloads/view/doc_loc/8879/91516012-eb50-11e0-98c9-0022195266d5_psn2011-0001a.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46786/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "BID",
"id": "50604"
},
{
"db": "BID",
"id": "77854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "PACKETSTORM",
"id": "106802"
},
{
"db": "PACKETSTORM",
"id": "106806"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "BID",
"id": "50604"
},
{
"db": "BID",
"id": "77854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "PACKETSTORM",
"id": "106802"
},
{
"db": "PACKETSTORM",
"id": "106806"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-19T00:00:00",
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2011-11-11T00:00:00",
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"date": "2011-11-15T00:00:00",
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"date": "2011-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"date": "2011-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"date": "2012-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-53108"
},
{
"date": "2011-11-08T00:00:00",
"db": "BID",
"id": "50604"
},
{
"date": "2012-09-15T00:00:00",
"db": "BID",
"id": "77854"
},
{
"date": "2012-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"date": "2011-11-09T03:05:37",
"db": "PACKETSTORM",
"id": "106802"
},
{
"date": "2011-11-09T06:29:18",
"db": "PACKETSTORM",
"id": "106806"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"date": "2012-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"date": "2012-09-15T17:55:04.287000",
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"date": "2011-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"date": "2012-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-53108"
},
{
"date": "2015-03-19T09:43:00",
"db": "BID",
"id": "50604"
},
{
"date": "2012-09-15T00:00:00",
"db": "BID",
"id": "77854"
},
{
"date": "2012-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"date": "2011-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"date": "2012-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "77854"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CitectSCADA and Mitsubishi MX4 SCADA Buffer Overflow Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
}
],
"trust": 1.8
}
}
VAR-201304-0435
Vulnerability from variot - Updated: 2025-04-11 23:16Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control. Mitsubishi MX Component ActiveX dynamic link library for PC software and Mitsubishi FX/A/Q series links. Mitsubishi MX is prone to remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. CitectFacilities is an open and comprehensive facilities management solution designed specifically for managing large built environments. CitectSCADA is software used to provide monitoring and control functions in a supervisory control and data acquisition system (SCADA). There are multiple buffer overflow vulnerabilities in the ActUWzd.dll file version 1.0.0.1 in this component
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0435",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "citectfacilities",
"scope": "eq",
"trust": 2.7,
"vendor": "schneider electric",
"version": "7.10"
},
{
"model": "citectscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "7.10"
},
{
"model": "mx component",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi automation",
"version": "3"
},
{
"model": "citectscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "7.10r1"
},
{
"model": "mx component",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "3 of actuwzd.dll 1.0.0.1"
},
{
"model": "electric mitsubishi mx activex component",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3"
},
{
"model": "citectscada 7.10r1",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric mx component version",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "30"
},
{
"model": "electric mx component",
"scope": "ne",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "4.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mitsubishi mx component",
"version": "3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "citectfacilities",
"version": "7.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "citectscada",
"version": "7.10"
}
],
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "BID",
"id": "58692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:citectfacilities",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:citectscada",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:mitsubishi_mx_component",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dr_IDE",
"sources": [
{
"db": "BID",
"id": "58692"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3075",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3075",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02230",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-63077",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3075",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3075",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-02230",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-439",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-63077",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "VULHUB",
"id": "VHN-63077"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control. Mitsubishi MX Component ActiveX dynamic link library for PC software and Mitsubishi FX/A/Q series links. Mitsubishi MX is prone to remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. CitectFacilities is an open and comprehensive facilities management solution designed specifically for managing large built environments. CitectSCADA is software used to provide monitoring and control functions in a supervisory control and data acquisition system (SCADA). There are multiple buffer overflow vulnerabilities in the ActUWzd.dll file version 1.0.0.1 in this component",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3075"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "BID",
"id": "58692"
},
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-63077"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-63077",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63077"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3075",
"trust": 3.6
},
{
"db": "EXPLOIT-DB",
"id": "24886",
"trust": 2.3
},
{
"db": "BID",
"id": "58692",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-140-01",
"trust": 1.1
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-13-091-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-02230",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494",
"trust": 0.6
},
{
"db": "IVD",
"id": "FAB9DDBA-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-78572",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-63077",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "VULHUB",
"id": "VHN-63077"
},
{
"db": "BID",
"id": "58692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"id": "VAR-201304-0435",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "VULHUB",
"id": "VHN-63077"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
}
]
},
"last_update_date": "2025-04-11T23:16:38.083000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/"
},
{
"title": "\u30b5\u30dd\u30fc\u30c8",
"trust": 0.8,
"url": "http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page"
},
{
"title": "MX Component",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/products/cnt/plceng/lineup/mx_component/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63077"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.exploit-db.com/exploits/24886/"
},
{
"trust": 1.1,
"url": "http://ics-cert.us-cert.gov/pdf/ics-alert-13-091-01.pdf"
},
{
"trust": 1.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-140-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3075"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3075"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/58692"
},
{
"trust": 0.3,
"url": "http://www.intelliscada.com/services_facilities.html"
},
{
"trust": 0.3,
"url": "http://www.citect.com/"
},
{
"trust": 0.3,
"url": "http://www.mitsubishi-automation.com/products/software_mx_components_content.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "VULHUB",
"id": "VHN-63077"
},
{
"db": "BID",
"id": "58692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "VULHUB",
"id": "VHN-63077"
},
{
"db": "BID",
"id": "58692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-27T00:00:00",
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"date": "2013-04-19T00:00:00",
"db": "VULHUB",
"id": "VHN-63077"
},
{
"date": "2013-03-25T00:00:00",
"db": "BID",
"id": "58692"
},
{
"date": "2013-04-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"date": "2013-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-494"
},
{
"date": "2013-04-19T11:44:29.280000",
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"date": "2013-05-15T00:00:00",
"db": "VULHUB",
"id": "VHN-63077"
},
{
"date": "2015-03-19T08:08:00",
"db": "BID",
"id": "58692"
},
{
"date": "2013-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"date": "2013-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-494"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi MX Component ActiveX Control \u0027ActUWzd.dll\u0027 Remote Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "BID",
"id": "58692"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
}
],
"trust": 1.4
}
}
VAR-201402-0087
Vulnerability from variot - Updated: 2025-04-11 23:14An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. Mitsubishi MC-WorkX is a factory automation application tool. Mitsubishi MC-WorX is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. Mitsubishi MC-WorX 8.02 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mc-worx suite",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "8.02"
},
{
"model": "mc worx",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "8.02"
},
{
"model": "electric europe b.v. mc-worx",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "8.x"
},
{
"model": "mc-worx suite",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": "8.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mc worx suite",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:mc-worx_suite",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blake",
"sources": [
{
"db": "BID",
"id": "62414"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2817",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-2817",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-13110",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "33985888-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2817",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-2817",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-13110",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-279",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. Mitsubishi MC-WorkX is a factory automation application tool. Mitsubishi MC-WorX is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. \nMitsubishi MC-WorX 8.02 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2817"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "BID",
"id": "62414"
},
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2817",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-051-02",
"trust": 2.4
},
{
"db": "BID",
"id": "62414",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-13110",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "54852",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "28284",
"trust": 0.6
},
{
"db": "IVD",
"id": "33985888-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "BID",
"id": "62414"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"id": "VAR-201402-0087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
}
]
},
"last_update_date": "2025-04-11T23:14:40.460000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MC Works",
"trust": 0.8,
"url": "http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works"
},
{
"title": "IcoLaunchPatch_PlaceInBinFolder",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48278"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-051-02"
},
{
"trust": 1.6,
"url": "http://www.meau.com/eprise/main/sites/public/products/software/-mc_works"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2817"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2817"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/28284/"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/54852"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62414"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "BID",
"id": "62414"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-18T00:00:00",
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"date": "2013-09-15T00:00:00",
"db": "BID",
"id": "62414"
},
{
"date": "2014-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"date": "2013-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"date": "2014-02-24T04:48:09.757000",
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"date": "2014-02-25T07:51:00",
"db": "BID",
"id": "62414"
},
{
"date": "2014-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"date": "2014-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi MC-WorX \u0027IcoLaunch.dll\u0027\u0027 ActiveX Control Remote Code Execution Vulnerability",
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "BID",
"id": "62414"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
}
],
"trust": 0.8
}
}
VAR-200803-0395
Vulnerability from variot - Updated: 2025-04-10 23:01servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. The Mitsubishi Electric GB-50A is prone to multiple authentication-bypass vulnerabilities. Successful exploits will allow unauthorized attackers to gain access to administrative functionality and completely compromise vulnerable devices; other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0395",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gb",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishi electric",
"version": "50"
},
{
"model": "gb",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishi electric",
"version": "50a"
},
{
"model": "gb",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "(gb-50)"
},
{
"model": "gb",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "(gb-50a)"
},
{
"model": "electric gb-50a",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gb",
"version": "50"
},
{
"model": "50a",
"scope": null,
"trust": 0.2,
"vendor": "gb",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "28406"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:mitsubishielectric:gb",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Withers\u203b chris@simplistix.co.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
}
],
"trust": 0.6
},
"cve": "CVE-2008-1546",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-1546",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "077962fc-23ce-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-1546",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-1546",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-471",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. The Mitsubishi Electric GB-50A is prone to multiple authentication-bypass vulnerabilities. \nSuccessful exploits will allow unauthorized attackers to gain access to administrative functionality and completely compromise vulnerable devices; other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1546"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "BID",
"id": "28406"
},
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1546",
"trust": 2.9
},
{
"db": "BID",
"id": "28406",
"trust": 1.9
},
{
"db": "SREASON",
"id": "3794",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080322 HACKING THE MITSUBISHI GB-50A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20071117 SECURITY CONTACT FOR MITSUBISHI ELECTRIC?",
"trust": 0.6
},
{
"db": "XF",
"id": "41503",
"trust": 0.6
},
{
"db": "XF",
"id": "50",
"trust": 0.6
},
{
"db": "IVD",
"id": "077962FC-23CE-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "28406"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"id": "VAR-200803-0395",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
}
]
},
"last_update_date": "2025-04-10T23:01:11.005000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u7a7a\u8abf\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/hvac_r/conditioning/products/control/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/28406"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/483862/2008-03-21/threaded"
},
{
"trust": 1.6,
"url": "http://securityreason.com/securityalert/3794"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41503"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/489970/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1546"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1546"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41503"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489970/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
},
{
"trust": 0.3,
"url": "/archive/1/489970"
}
],
"sources": [
{
"db": "BID",
"id": "28406"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "28406"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-28T00:00:00",
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"date": "2008-03-22T00:00:00",
"db": "BID",
"id": "28406"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"date": "2008-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"date": "2008-03-28T23:44:00",
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-07T17:32:00",
"db": "BID",
"id": "28406"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"date": "2009-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric GB-50A Java applet Remote bypass authentication vulnerability",
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design error",
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
}
],
"trust": 0.8
}
}
VAR-202502-3855
Vulnerability from variot - Updated: 2025-03-21 23:33M70 BND-1000W022-K1 is a digital controller.
Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has an industrial control device vulnerability, which can be exploited by attackers to cause denial of service.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-3855",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "m70 bnd-1000w022-k1",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04771"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-04771",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2025-04771",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04771"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "M70 BND-1000W022-K1 is a digital controller.\n\nMitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has an industrial control device vulnerability, which can be exploited by attackers to cause denial of service.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04771"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-04771",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04771"
}
]
},
"id": "VAR-202502-3855",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04771"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04771"
}
]
},
"last_update_date": "2025-03-21T23:33:33.647000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-04771"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-04771"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-04771"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric (China) Co., Ltd. Mitsubishi M70 BND-1000W022-K1 has industrial control equipment vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04771"
}
],
"trust": 0.6
}
}
VAR-201911-1188
Vulnerability from variot - Updated: 2024-11-23 23:04In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. Provided by Mitsubishi Electric Corporation MELSEC-Q series CPU Unit and MELSEC-L series CPU Unit FTP The server function has a resource exhaustion vulnerability (CWE-400) Exists. Of the product FTP Server function interferes with service operation (DoS) It may be in a state. This vulnerability information is used by developers for the purpose of disseminating to product users. JPCERT/CC To report to JPCERT/CC Coordinated with the developer.Of the product FTP Server function interferes with service operation (DoS) By becoming a state, FTP The client FTP You will not be able to connect to the server. According to the developer, the vulnerability affects FTP It is only a server function. The Mitsubishi Electric MELSEC-Q Series is a MELSEC-Q series programmable logic controller from Mitsubishi Electric Corporation of Japan. The Mitsubishi MELSEC-L Series is a MELSEC-L series programmable logic controller from Mitsubishi Corporation of Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1188",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "l26cpu-bt-cm",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "l02\\/06\\/26cpu-cm",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "l02\\/06\\/26cpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "l26cpu-bt",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "l02\\/06\\/26cpu-p",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "q03udecpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21081"
},
{
"model": "l26cpu-pbt",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "q03\\/04\\/06\\/13\\/26udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21081"
},
{
"model": "q04\\/06\\/13\\/26udpvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21081"
},
{
"model": "q04\\/06\\/10\\/13\\/20\\/26\\/50\\/100udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21081"
},
{
"model": "melsec-l series cpu unit",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l02/06/26cpu"
},
{
"model": "melsec-l series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l26cpu-bt ( top serial number 5 digits 21101 )"
},
{
"model": "melsec-l series cpu unit",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l02/06/26cpu-cm"
},
{
"model": "melsec-l series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l26cpu-bt-cm ( top serial number 5 digits 21101 )"
},
{
"model": "melsec-l series cpu unit",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l02/06/26cpu-p"
},
{
"model": "melsec-l series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l26cpu-pbt ( top serial number 5 digits 21101 )"
},
{
"model": "melsec-q series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "q03/04/06/13/26udvcpu ( top serial number 5 digits 21081 )"
},
{
"model": "melsec-q series cpu unit",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "q03udecpu"
},
{
"model": "melsec-q series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "q04/06/10/13/20/26/50/100udehcpu ( top serial number 5 digits 21081 )"
},
{
"model": "melsec-q series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "q04/06/13/26udpvcpu ( top serial number 5 digits 21081 )"
},
{
"model": "electric mitsubishi electric melsec-q series \u003c=q03/04/06/13/26udvcpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21081"
},
{
"model": "electric mitsubishi electric melsec-q series \u003c=q04/06/13/26udpvcpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21081"
},
{
"model": "electric mitsubishi electric melsec-q series \u003c=q03udecpu q04/06/10/13/20/26/50/100udehcpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21081"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l26cpu-bt",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu-p",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l26cpu-pbt",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu-cm",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l26cpu-bt-cm",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "l26cpu-bt",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "l26cpu-bt",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-pbt",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "q03udecpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q03udecpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": "21081"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "q03 04 06 13 26udvcpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l26cpu bt cm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "q04 06 13 26udpvcpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "q03udecpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "q04 06 10 13 20 26 50 100udehcpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l02 06 26cpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l26cpu bt",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l02 06 26cpu p",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l26cpu pbt",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l02 06 26cpu cm",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec-l_series_cpu_unit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec-q_series_cpu_unit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
}
]
},
"cve": "CVE-2019-13555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-13555",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-011686",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-41428",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2019-13555",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-011686",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13555",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2019-011686",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-41428",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-424",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-13555",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. Provided by Mitsubishi Electric Corporation MELSEC-Q series CPU Unit and MELSEC-L series CPU Unit FTP The server function has a resource exhaustion vulnerability (CWE-400) Exists. Of the product FTP Server function interferes with service operation (DoS) It may be in a state. This vulnerability information is used by developers for the purpose of disseminating to product users. JPCERT/CC To report to JPCERT/CC Coordinated with the developer.Of the product FTP Server function interferes with service operation (DoS) By becoming a state, FTP The client FTP You will not be able to connect to the server. According to the developer, the vulnerability affects FTP It is only a server function. The Mitsubishi Electric MELSEC-Q Series is a MELSEC-Q series programmable logic controller from Mitsubishi Electric Corporation of Japan. The Mitsubishi MELSEC-L Series is a MELSEC-L series programmable logic controller from Mitsubishi Corporation of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13555"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "VULMON",
"id": "CVE-2019-13555"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13555",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-311-01",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2019-41428",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97094124",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4209",
"trust": 0.6
},
{
"db": "IVD",
"id": "00D06E5F-E8D7-433D-9E94-3FF51C3E39B6",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-13555",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"id": "VAR-201911-1188",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
}
],
"trust": 1.7375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
}
]
},
"last_update_date": "2024-11-23T23:04:35.531000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC-Q\u30b7\u30ea\u30fc\u30baCPU\u3001\u304a\u3088\u3073MELSEC-L\u30b7\u30ea\u30fc\u30baCPU\u306b\u304a\u3051\u308bFTP\u30b5\u30fc\u30d0\u6a5f\u80fd\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-002.pdf"
},
{
"title": "Patch for Mitsubishi Electric MELSEC-Q Series and Mitsubishi MELSEC-L Series Resource Management Error Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191107"
},
{
"title": "Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103038"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13555"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13555"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu97094124"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4209/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"date": "2019-11-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"date": "2019-11-13T23:15:11.327000",
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"date": "2019-11-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"date": "2019-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"date": "2019-11-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"date": "2024-11-21T04:25:08.387000",
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC-Q series CPU Unit and MELSEC-L series CPU Unit FTP Server function resource exhaustion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
}
],
"trust": 0.8
}
}
VAR-202006-1511
Vulnerability from variot - Updated: 2024-11-23 22:33Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan's Mitsubishi Electric (Mitsubishi Electric) company.
There are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec-q",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec-l",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-f",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec fx series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec iq-f series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec l series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec q series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "electric melsec fx",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec iq-r",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec iq-f",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec q",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec l",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_fx_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shunkai Zhu , Rongkuan Ma , Peng Cheng from NESC Lab of Zhejiang University",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
},
"cve": "CVE-2020-5594",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5594",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46802",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5594",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 10,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005854",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5594",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-005854",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46802",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1590",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-5594",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric) company. \n\r\n\r\nThere are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5594",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU91424496",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-175-01",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46802",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2176",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5594",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"id": "VAR-202006-1511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
}
],
"trust": 1.3499999919999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
}
]
},
"last_update_date": "2024-11-23T22:33:25.234000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u3001iQ-F\u3001Q\u3001L\u3001FX\u30b7\u30ea\u30fc\u30ba \u306eCPU\u30e6\u30cb\u30c3\u30c8\u3068GX Works3\u304a\u3088\u3073GX Works2\u9593\u306e\u901a\u4fe1\u306b\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u60c5\u5831\u6539\u3056\u3093\u3001\u4e0d\u6b63\u64cd\u4f5c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/en/vu/jvnvu91424496/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5594"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91424496"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5594"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-005854.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2176/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"date": "2020-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"date": "2020-06-23T08:15:10.487000",
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"date": "2020-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"date": "2020-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"date": "2024-11-21T05:34:19.893000",
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R , iQ-F , Q , L , FX Of the series CPU With the unit GX Works3 and GX Works2 Vulnerability in plaintext communication between",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
}
}
VAR-201905-1060
Vulnerability from variot - Updated: 2024-11-23 22:21In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan's Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The following MELSEC-Q series PLCs are affected: QJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "qj71e71-100",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20121"
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "( above the serial number 5 digits 20121 previous version )"
},
{
"model": "electric melsec-q series plcs j71e71-100 serial number",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "\u003c=20121"
},
{
"model": "electric qj71e71-100",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20121"
},
{
"model": "electric qj71e71-100",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "18072"
},
{
"model": "electric qj71e71-100",
"scope": "ne",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20122"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Younes Dragoni and Alessandro Di Pinto of Nozomi Networks,Younes Dragoni and Alessandro Di Pinto of Nozomi Networks reported this vulnerability to Mitsubishi and NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10977",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-10977",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-003963",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-16527",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-142577",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-10977",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-003963",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10977",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2019-003963",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-16527",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-839",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142577",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan\u0027s Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThe following MELSEC-Q series PLCs are affected:\nQJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10977"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "VULHUB",
"id": "VHN-142577"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10977",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-141-02",
"trust": 2.8
},
{
"db": "BID",
"id": "108419",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU93268101",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-16527",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1867",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142577",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"id": "VAR-201905-1060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
}
]
},
"last_update_date": "2024-11-23T22:21:37.107000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u304a\u554f\u3044\u5408\u308f\u305b | \u4e09\u83f1\u96fb\u6a5f FA",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/fa/support/purchase/index.html"
},
{
"title": "Patch for MitsubishiElectricMELSEC-QSeriesPLCs Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/163035"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-755",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/108419"
},
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-141-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10977"
},
{
"trust": 0.9,
"url": "http://www.mitsubishi-automation.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10977"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93268101/"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-10977"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1867/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"date": "2019-05-23T00:00:00",
"db": "VULHUB",
"id": "VHN-142577"
},
{
"date": "2019-05-21T00:00:00",
"db": "BID",
"id": "108419"
},
{
"date": "2019-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"date": "2019-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"date": "2019-05-23T14:29:07.610000",
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-142577"
},
{
"date": "2019-05-21T00:00:00",
"db": "BID",
"id": "108419"
},
{
"date": "2019-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"date": "2024-11-21T04:20:16.957000",
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC-Q series Ethernet Service operation interruption in the interface unit (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
],
"trust": 0.6
}
}
VAR-202003-1417
Vulnerability from variot - Updated: 2024-11-23 22:16Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. (DoS) It may be put into a state. Mitsubishi Electric MELQIC IU1 is a IU1 series data collection analyzer of Mitsubishi Electric Corporation of Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iu1-1m20-d",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.0.7"
},
{
"model": "iu1-1m20-d",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "1.0.7"
},
{
"model": "electric melqic iu1",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "\u003c=1.0.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:iu1-1m20-d_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
}
]
},
"cve": "CVE-2020-5544",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5544",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003078",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19568",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5544",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003078",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5544",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-003078",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-19568",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1005",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. (DoS) It may be put into a state. Mitsubishi Electric MELQIC IU1 is a IU1 series data collection analyzer of Mitsubishi Electric Corporation of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5544"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNVD",
"id": "CNVD-2020-19568"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5544",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU92370624",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-19568",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"id": "VAR-202003-1417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
}
]
},
"last_update_date": "2024-11-23T22:16:36.325000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELQIC IU1 \u30b7\u30ea\u30fc\u30ba\u306eTCP/IP \u30b9\u30bf\u30c3\u30af\u306b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf"
},
{
"title": "Patch for Mitsubishi Electric MELQIC IU1 TCP function code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/210995"
},
{
"title": "Mitsubishi Electric MELQIC IU1 TCP Measures to fix bugs in function code problems",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112427"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://jvn.jp/en/vu/jvnvu92370624/index.html"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5544"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92370624/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5544"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"date": "2020-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"date": "2020-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"date": "2020-03-16T02:15:10.997000",
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"date": "2020-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"date": "2020-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"date": "2024-11-21T05:34:14.890000",
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELQIC IU1 TCP function code issue vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
}
],
"trust": 0.6
}
}
VAR-202007-0208
Vulnerability from variot - Updated: 2024-11-23 22:11A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "electric mc works64 \u003c=4.02c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi",
"version": "(10.95.208.31)"
},
{
"_id": null,
"model": "energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mc works",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.208.31"
},
{
"_id": null,
"model": "mobilehmi",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "facility analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mc works32",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "9.50.255.02"
},
{
"_id": null,
"model": "genesis64",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "quality analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "hyper historian",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "smart energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "bizviz",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "energy analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "facility analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "genesis 64",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "genesis32",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "hyper historian",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mobilehmi",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "quality analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "smart energy analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mc works",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "64"
},
{
"_id": null,
"model": "mc works 32",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"_id": null,
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "(9.50.255.02)"
},
{
"_id": null,
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.4,
"vendor": "mitsubishi",
"version": "(9.50.255.02)*"
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:iconics:bizviz",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:energy_analytix",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:facility_analytix",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:genesis64",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:genesis32",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:hyper_historian",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:mobilehmi",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:quality_analytix",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:smart_energy_analytix",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:mc_works",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:mc_works32",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
}
]
},
"credits": {
"_id": null,
"data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-780"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12015",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12015",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008308",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34372",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "31ad87c7-757e-410a-89c6-906cc763b446",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12015",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008308",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12015",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12015",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-008308",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-12015",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-34372",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1209",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"description": {
"_id": null,
"data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
}
],
"trust": 3.15
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12015",
"trust": 4.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-02",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-03",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-20-780",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34372",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU95379131",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10297",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2147",
"trust": 0.6
},
{
"db": "IVD",
"id": "4BDA61CA-BD50-4B09-A018-05EA35FF2332",
"trust": 0.2
},
{
"db": "IVD",
"id": "31AD87C7-757E-410A-89C6-906CC763B446",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"id": "VAR-202007-0208",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
}
],
"trust": 1.78927874
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
}
]
},
"last_update_date": "2024-11-23T22:11:26.711000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://iconics.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/"
},
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/222933"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 2.3,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12015"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12015"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95379131/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-780/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
"ident": null
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-780",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-34372",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12015",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
"ident": null
},
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446",
"ident": null
},
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-780",
"ident": null
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34372",
"ident": null
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008308",
"ident": null
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1209",
"ident": null
},
{
"date": "2020-07-16T22:15:11.493000",
"db": "NVD",
"id": "CVE-2020-12015",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-780",
"ident": null
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34372",
"ident": null
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008308",
"ident": null
},
{
"date": "2020-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1209",
"ident": null
},
{
"date": "2024-11-21T04:59:07.153000",
"db": "NVD",
"id": "CVE-2020-12015",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Unreliable data deserialization vulnerabilities in multiple MC products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
],
"trust": 1.0
}
}
VAR-202007-1224
Vulnerability from variot - Updated: 2024-11-23 22:05TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan.
CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have authorization issue vulnerabilities. Attackers can use this vulnerability to cause TCP connection failure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5596",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38410",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5596",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5596",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-38410",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-305",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. \n\r\n\r\nCoreOS Y and previous versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have authorization issue vulnerabilities. Attackers can use this vulnerability to cause TCP connection failure",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-38410"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5596",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-38410",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"id": "VAR-202007-1224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
}
]
},
"last_update_date": "2024-11-23T22:05:45.706000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Multiple Mitsubishi Electric product authorization issues and vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/248851"
},
{
"title": "Multiple Mitsubishi Electric Product Authorization Issue Vulnerability Fixing Measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-384",
"trust": 1.8
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5596"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"date": "2020-07-07T09:15:10.153000",
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"date": "2024-11-21T05:34:20.100000",
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
}
],
"trust": 0.6
}
}
VAR-202007-1223
Vulnerability from variot - Updated: 2024-11-23 22:05TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan.
CoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5595",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5595",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38411",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5595",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5595",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-38411",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-304",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. \n\r\n\r\nCoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5595"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-38411"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5595",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-38411",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"id": "VAR-202007-1223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
}
]
},
"last_update_date": "2024-11-23T22:05:45.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Buffer overflow vulnerabilities in multiple Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/248901"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5595"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"date": "2020-07-07T09:15:10.057000",
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"date": "2024-11-21T05:34:20",
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
}
],
"trust": 0.6
}
}
VAR-202007-1225
Vulnerability from variot - Updated: 2024-11-23 22:05TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.
CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a null pointer reference vulnerability. Attackers can use this vulnerability to cause denial of service and device crash
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1225",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5597",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46801",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5597",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5597",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46801",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-306",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a null pointer reference vulnerability. Attackers can use this vulnerability to cause denial of service and device crash",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46801"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5597",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46801",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"id": "VAR-202007-1225",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
}
]
},
"last_update_date": "2024-11-23T22:05:45.653000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Null pointer reference vulnerabilities in multiple Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231106"
},
{
"title": "Multiple Mitsubishi Electric Product code issue vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123231"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5597"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"date": "2020-07-07T09:15:10.230000",
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"date": "2024-11-21T05:34:20.197000",
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
}
],
"trust": 0.6
}
}
VAR-202007-1228
Vulnerability from variot - Updated: 2024-11-23 22:05TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.
CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1228",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5600",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5600",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46798",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5600",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5600",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46798",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-308",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5600"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46798"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5600",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46798",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"id": "VAR-202007-1228",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
}
]
},
"last_update_date": "2024-11-23T22:05:45.626000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Resource management errors and vulnerabilities in multiple Mitsubishi Electric products (CNVD-2020-46798)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231124"
},
{
"title": "Multiple Mitsubishi Electric Product resource management error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124077"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5600"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"date": "2020-07-07T09:15:10.450000",
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"date": "2024-11-21T05:34:20.490000",
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
}
],
"trust": 0.6
}
}
VAR-202007-1226
Vulnerability from variot - Updated: 2024-11-23 22:05TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.
CoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5598",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5598",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46800",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5598",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5598",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46800",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-307",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-5598",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5598",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46800",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5598",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"id": "VAR-202007-1226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
}
]
},
"last_update_date": "2024-11-23T22:05:45.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Access control error vulnerabilities in multiple Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231115"
},
{
"title": "Multiple Mitsubishi Electric Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124076"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5598"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"date": "2020-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"date": "2020-07-07T09:15:10.307000",
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"date": "2024-11-21T05:34:20.297000",
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
}
],
"trust": 0.6
}
}
VAR-202007-1227
Vulnerability from variot - Updated: 2024-11-23 22:05TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.
CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25 and GT23 (GOT2000 series) have an injection vulnerability, which can be exploited by attackers to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5599",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5599",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46799",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5599",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5599",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46799",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-309",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions in Mitsubishi Electric GT27, GT25 and GT23 (GOT2000 series) have an injection vulnerability, which can be exploited by attackers to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5599"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46799"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5599",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46799",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"id": "VAR-202007-1227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
}
]
},
"last_update_date": "2024-11-23T22:05:45.546000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Injection vulnerabilities in many Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231121"
},
{
"title": "Multiple Mitsubishi Electric Fixing measures for product injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124078"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-88",
"trust": 1.8
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5599"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"date": "2020-07-07T09:15:10.370000",
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"date": "2024-11-21T05:34:20.397000",
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
}
],
"trust": 0.6
}
}
VAR-202011-1259
Vulnerability from variot - Updated: 2024-11-23 22:05Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series CPU The unit is exhausted (CWE-400) Vulnerability exists. According to the developer, the engineering tool " Web If the "whether or not server is used" setting is set to "not used", it is not affected by this vulnerability. ( The default setting is "not used" ) .. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : NEC Corporation Tomoomi Iwata Mr. A reset is required for recovery
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec iq-r16",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "51"
},
{
"model": "melsec iq-r02",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "05"
},
{
"model": "melsec iq-r01",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "05"
},
{
"model": "melsec iq-r02",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "19"
},
{
"model": "melsec iq-r16",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "35"
},
{
"model": "melsec iq-r08",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "51"
},
{
"model": "melsec iq-r01",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "19"
},
{
"model": "melsec iq-r04",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "51"
},
{
"model": "melsec iq-r00",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "19"
},
{
"model": "melsec iq-r08",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "35"
},
{
"model": "melsec iq-r120",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "51"
},
{
"model": "melsec iq-r32",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "51"
},
{
"model": "melsec iq-r120",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "35"
},
{
"model": "melsec iq-r04",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "35"
},
{
"model": "melsec iq-r32",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "35"
},
{
"model": "melsec iq-r00",
"scope": "gte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "05"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "r00/01/02cpu \u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u30d0\u30fc\u30b8\u30e7\u30f3 \"05\" \u304b\u3089 \"19\""
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "r04/08/16/32/120(en)cpu \u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u30d0\u30fc\u30b8\u30e7\u30f3 \"35\" \u304b\u3089 \"51\""
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
}
]
},
"cve": "CVE-2020-5666",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-5666",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 5.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000072",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5666",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000072",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5666",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-000072",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1002",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from \u002705\u0027 to \u002719\u0027 and R04/08/16/32/120(EN)CPU Firmware versions from \u002735\u0027 to \u002751\u0027) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series CPU The unit is exhausted (CWE-400) Vulnerability exists. According to the developer, the engineering tool \" Web If the \"whether or not server is used\" setting is set to \"not used\", it is not affected by this vulnerability. ( The default setting is \"not used\" ) .. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : NEC Corporation Tomoomi Iwata Mr. A reset is required for recovery",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5666"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN44764844",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-317-01",
"trust": 2.4
},
{
"db": "NVD",
"id": "CVE-2020-5666",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000072",
"trust": 1.4
},
{
"db": "AUSCERT",
"id": "ESB-2020.4044",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"id": "VAR-202011-1259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T22:05:19.579000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R \u30b7\u30ea\u30fc\u30ba CPU \u30e6\u30cb\u30c3\u30c8\u306b\u304a\u3051\u308b\u30b5\u30fc\u30d3\u30b9\u62d2\u5426 (DoS) \u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-015.pdf"
},
{
"title": "Mitsubishi Electric MELSEC iQ-R series Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135734"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-317-01"
},
{
"trust": 2.4,
"url": "https://jvn.jp/jp/jvn44764844/index.html"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-015_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn44764844/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5666"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4044/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5666"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000072.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-12T03:28:15",
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"date": "2020-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"date": "2020-11-16T01:15:13.327000",
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-13T02:24:14",
"db": "JVNDB",
"id": "JVNDB-2020-000072"
},
{
"date": "2020-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1002"
},
{
"date": "2024-11-21T05:34:26.980000",
"db": "NVD",
"id": "CVE-2020-5666"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MELSEC iQ-R Series sequencer CPU Resource exhaustion vulnerability in the unit",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000072"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1002"
}
],
"trust": 0.6
}
}
VAR-201804-0783
Vulnerability from variot - Updated: 2024-11-23 22:00Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a driver configuration file when initializing the BEMicroLogix component. When parsing the property TCP_IP_Address, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "e-designer",
"scope": null,
"trust": 3.5,
"vendor": "mitsubishi electric",
"version": null
},
{
"_id": null,
"model": "e-designer",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishielectric",
"version": "7.52"
},
{
"_id": null,
"model": "e-designer",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "7.52 build 344"
},
{
"_id": null,
"model": "electric europe b.v. e-designer build",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"_id": null,
"model": "electric e-designer build",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "e designer",
"version": "7.52"
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:e-designer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
}
]
},
"credits": {
"_id": null,
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
}
],
"trust": 3.5
},
"cve": "CVE-2017-9636",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9636",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 3.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9636",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-22836",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9636",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-9636",
"trust": 3.5,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9636",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9636",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-22836",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-867",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-9636",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"description": {
"_id": null,
"data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a driver configuration file when initializing the BEMicroLogix component. When parsing the property TCP_IP_Address, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9636"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
}
],
"trust": 5.85
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-9636",
"trust": 7.1
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-01",
"trust": 3.4
},
{
"db": "BID",
"id": "100097",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2017-22836",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3802",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-510",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3794",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-518",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3795",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-517",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3800",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-512",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3801",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-511",
"trust": 0.7
},
{
"db": "IVD",
"id": "DE3E14C2-EB4D-4863-9A11-51565DA2E669",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-9636",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"id": "VAR-201804-0783",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
}
]
},
"last_update_date": "2024-11-23T22:00:37.020000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/"
},
{
"title": "Patch for Mitsubishi Electric Europe B.V. E-Designer Buffer Overflow Vulnerability (CNVD-2017-22836)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100853"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-122",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 6.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9636"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9636"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-510",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-518",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-517",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-512",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-511",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-22836",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-9636",
"ident": null
},
{
"db": "BID",
"id": "100097",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-9636",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-510",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-518",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-517",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-512",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-511",
"ident": null
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22836",
"ident": null
},
{
"date": "2018-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9636",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097",
"ident": null
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013250",
"ident": null
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-867",
"ident": null
},
{
"date": "2018-04-17T14:29:00.417000",
"db": "NVD",
"id": "CVE-2017-9636",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-510",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-518",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-517",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-512",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-511",
"ident": null
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22836",
"ident": null
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9636",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097",
"ident": null
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013250",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-867",
"ident": null
},
{
"date": "2024-11-21T03:36:33.803000",
"db": "NVD",
"id": "CVE-2017-9636",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Mitsubishi E-Designer Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
],
"trust": 0.8
}
}
VAR-201804-0782
Vulnerability from variot - Updated: 2024-11-23 22:00Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of TxStaticString sections of a mpa (project specification) file. An out-of-bounds value for the column specification will cause a user-supplied string to be written to an arbitrary memory address. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. Mitsubishi E-Designer version 7.52 Build 344 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0782",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e-designer",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishielectric",
"version": "7.52"
},
{
"model": "e-designer",
"scope": null,
"trust": 1.4,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "e-designer",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "7.52 build 344"
},
{
"model": "electric europe b.v. e-designer build",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"model": "electric e-designer build",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "e designer",
"version": "7.52"
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:e-designer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
}
],
"trust": 1.4
},
"cve": "CVE-2017-9634",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9634",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9634",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22837",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9634",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-9634",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9634",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9634",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-22837",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-869",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-9634",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of TxStaticString sections of a mpa (project specification) file. An out-of-bounds value for the column specification will cause a user-supplied string to be written to an arbitrary memory address. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. \nMitsubishi E-Designer version 7.52 Build 344 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9634"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
}
],
"trust": 3.96
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9634",
"trust": 5.0
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-01",
"trust": 3.4
},
{
"db": "BID",
"id": "100097",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2017-22837",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3804",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-507",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3759",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-506",
"trust": 0.7
},
{
"db": "IVD",
"id": "3F385BD9-7C1C-4E38-AD57-7DB92192B1A5",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-9634",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"id": "VAR-201804-0782",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
}
]
},
"last_update_date": "2024-11-23T22:00:36.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/"
},
{
"title": "Mitsubishi Electric Europe B.V. E-Designer patch for out-of-bounds write vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100852"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9634"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9634"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"date": "2018-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097"
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"date": "2018-04-17T14:29:00.353000",
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097"
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"date": "2024-11-21T03:36:33.573000",
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi E-Designer Vulnerable to out-of-bounds writing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
],
"trust": 0.8
}
}
VAR-201804-0784
Vulnerability from variot - Updated: 2024-11-23 22:00Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of SetupAlarm sections of a mpa (project specification) file. When parsing the property Font, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "e-designer",
"scope": null,
"trust": 4.2,
"vendor": "mitsubishi electric",
"version": null
},
{
"_id": null,
"model": "e-designer",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishielectric",
"version": "7.52"
},
{
"_id": null,
"model": "e-designer",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "7.52 build 344"
},
{
"_id": null,
"model": "electric europe b.v. e-designer build",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"_id": null,
"model": "electric e-designer build",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "e designer",
"version": "7.52"
}
],
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
},
{
"db": "NVD",
"id": "CVE-2017-9638"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:e-designer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
}
]
},
"credits": {
"_id": null,
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
}
],
"trust": 4.2
},
"cve": "CVE-2017-9638",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9638",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 4.2,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9638",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-22835",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9638",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-9638",
"trust": 4.2,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9638",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9638",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-22835",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-865",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-9638",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "VULMON",
"id": "CVE-2017-9638"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
},
{
"db": "NVD",
"id": "CVE-2017-9638"
}
]
},
"description": {
"_id": null,
"data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of SetupAlarm sections of a mpa (project specification) file. When parsing the property Font, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9638"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "VULMON",
"id": "CVE-2017-9638"
}
],
"trust": 6.48
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-9638",
"trust": 7.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-01",
"trust": 3.4
},
{
"db": "BID",
"id": "100097",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2017-22835",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3803",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-508",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3808",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-509",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3796",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-516",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3798",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-514",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3799",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-513",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3797",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-515",
"trust": 0.7
},
{
"db": "IVD",
"id": "BA5B1D78-480A-4BC9-A667-E19335367D20",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-9638",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "VULMON",
"id": "CVE-2017-9638"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
},
{
"db": "NVD",
"id": "CVE-2017-9638"
}
]
},
"id": "VAR-201804-0784",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
}
]
},
"last_update_date": "2024-11-23T22:00:36.899000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
"trust": 4.2,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/"
},
{
"title": "Patch for Mitsubishi Electric Europe B.V. E-Designer Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100854"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "NVD",
"id": "CVE-2017-9638"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 7.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9638"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9638"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-508"
},
{
"db": "ZDI",
"id": "ZDI-17-509"
},
{
"db": "ZDI",
"id": "ZDI-17-516"
},
{
"db": "ZDI",
"id": "ZDI-17-514"
},
{
"db": "ZDI",
"id": "ZDI-17-513"
},
{
"db": "ZDI",
"id": "ZDI-17-515"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
},
{
"db": "VULMON",
"id": "CVE-2017-9638"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
},
{
"db": "NVD",
"id": "CVE-2017-9638"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-508",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-509",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-516",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-514",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-513",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-515",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-22835",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-9638",
"ident": null
},
{
"db": "BID",
"id": "100097",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013251",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-9638",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-508",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-509",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-516",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-514",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-513",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-515",
"ident": null
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22835",
"ident": null
},
{
"date": "2018-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9638",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097",
"ident": null
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013251",
"ident": null
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-865",
"ident": null
},
{
"date": "2018-04-17T14:29:00.463000",
"db": "NVD",
"id": "CVE-2017-9638",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-508",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-509",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-516",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-514",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-513",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-515",
"ident": null
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22835",
"ident": null
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9638",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097",
"ident": null
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013251",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-865",
"ident": null
},
{
"date": "2024-11-21T03:36:34.040000",
"db": "NVD",
"id": "CVE-2017-9638",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Mitsubishi Electric Europe B.V. E-Designer Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "CNVD",
"id": "CNVD-2017-22835"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "ba5b1d78-480a-4bc9-a667-e19335367d20"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-865"
}
],
"trust": 0.8
}
}
VAR-202010-0395
Vulnerability from variot - Updated: 2024-11-23 21:51Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. of multiple Mitsubishi Electric products TCP A vulnerability in session management exists in the protocol stack. This vulnerability information is provided by the developer for the purpose of dissemination to product users. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of ACK packets. When generating ACK packets, the application uses a predictable sequence number. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Mitsubishi Electric gt14 model是日本三菱电机(Mitsubishi Electric)公司的一个用于工业生产过程中提供人机交互界面的设备. Mitsubishi Electric 多个产品存在命令执行漏洞,该漏洞允许攻击者冒充合法设备,从而使攻击者能够远程执行任意命令。以下产品和版本受到影响:QJ71MES96 all versions,QJ71WS96 all versions,Q06CCPU-V all versions,Q24DHCCPU-V all versions,Q24DHCCPU-VG all versions,R12CCPU-V Version 13 and prior,RD55UP06-V Version 09 and prior,RD55UP12-V Version 01,RJ71GN11-T2 Version 11 and prior,RJ71EN71 all versions,QJ71E71-100 all versions,LJ71E71-100 all versions,QJ71MT91 all versions,RD78Gn(n=4,8,16,32,64) all versions,RD78GHV all versions,RD78GHW all versions,NZ2GACP620-60 all versions,NZ2GACP620-300 all versions,NZ2FT-MT all versions,NZ2FT-EIP all versions,Q03UDECPU the first 5 digits of serial number 22081 and prior,QnUDEHCPU(n=04/06/10/13/20/26/50/100) the first 5 digits of serial number 22081 and prior,QnUDVCPU(n=03/04/06/13/26) the first 5 digits of serial number 22031 and prior,QnUDPVCPU(n=04/06/13/26) the first 5 digits of serial number 22031 and prior,LnCPU(-P)(n=02/06/26) the first 5 digits of serial number 22051 and prior,L26CPU-(P)BT the first 5 digits of serial number 22051 and prior,RnCPU(n=00/01/02) Version 18 and prior,RnCPU(n=04/08/16/32/120) Version 50 and prior,RnENCPU(n=04/08/16/32/120) Version 50 and prior,RnSFCPU (n=08/16/32/120) Version 22 and prior,RnPCPU(n=08/16/32/120) Version 24 and prior,RnPSFCPU(n=08/16/32/120) Version 05 and prior,FX5U(C)-M*/,FX5UC-32M/-TS Version 1.210 and prior,FX5UJ-M/ Version 1.000,FX5-ENET Version 1.002 and prior,FX5-ENET/IP Version 1.002 and prior,FX3U-ENET-ADP Version 1.22 and prior,FX3GE-M/* the first 3 digits of serial number 20X and prior,FX3U-ENET Version 1.14 and prior,FX3U-ENET-L Version 1.14 and prior,FX3U-ENET-P502 Version 1.14 and prior,FX5-CCLGN-MS Version 1.000,IU1-1M20-D all versions,LE7-40GU-L all versions,GOT2000 Series GT21 Model all versions,GS Series all versions,GOT1000 Series GT14 Model all versions,GT25-J71GN13-T2 all versions,FR-A800-E Series production date December 2020 and prior,FR-F800-E Series production date December 2020 and prior,FR-A8NCG Production date August 2020 and prior,FR-E800-EPA Series Production date July 2020 and prior,FR-E800-EPB Series Production date July 2020 and prior,Conveyor Tracking Application APR-nTR3FH APR-nTR6FH APR-nTR12FH APR-nTR20FH(n=1,2) all versions (Discontinued product),MR-JE-C all versions,MR-J4-TM all versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0395",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fr-f842-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rnpsfcpu\\",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "qj71ws96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-14mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-f860-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "q24dhccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-24mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fx3u-enet",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "q24dhccpu-vg",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rnpcpu\\",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "got2000 series gt21",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-60mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5-enet-adp",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a860-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rd55up06-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-40mr\\/ds",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-40mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uc-32mr\\/ds-ts",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.210"
},
{
"model": "got1000 series gt14",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "conveyor tracking application apr-ntr12fh",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "rd78ghv",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-f820-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-f840-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "qnudehcpu\\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22081"
},
{
"model": "qnudpvcpu\\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22031"
},
{
"model": "fx5uj-24mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "nz2gacp620-60",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rnsfcpu \\",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rj71en71",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5-enet",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a862-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "mr-j4-tm",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "r12ccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "mr-je-c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-40mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-40mt\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fx3g-32 mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "qnudvcpu\\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22031"
},
{
"model": "lj71e71-100",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-40mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fx5uc-32mt\\/d",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.210"
},
{
"model": "fx5uj-60mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fx3g-14mr\\/ds",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-14mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5-cclgn-ms",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a8ncge",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "2020-08"
},
{
"model": "qj71mt91",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a820-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-60mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fr-e800-epa",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "2020-07"
},
{
"model": "got simple series gs21",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-e800-epb",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "2020-07"
},
{
"model": "fx3g-14mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rj71gn11-t2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-40mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "le7-40gu-l",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-40mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "iu1-1m20-d",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "nz2gacp620-300",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "l26cpu-\\ bt",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22051"
},
{
"model": "nz2ft-mt",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "q06ccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-f862-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "conveyor tracking application apr-ntr6fh",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3g-24mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rd78gn\\",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-24mr\\/ds",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "lncpu\\ \\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22051"
},
{
"model": "fx3g-60mr\\/ds",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "conveyor tracking application apr-ntr3fh",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-24mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "conveyor tracking application apr-ntr20fh\\",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3u-enet-l",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a842-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a840-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-60mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rd78ghw",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uc-32mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.210"
},
{
"model": "rncpu\\ t",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "18"
},
{
"model": "fx3u-enet-p502",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "gt25-j71gn13-t2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uc-32mt\\/ds-ts",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.210"
},
{
"model": "q03udecpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22081"
},
{
"model": "fx5uj-60mt\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fx5uc-32mt\\/dss-ts",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.210"
},
{
"model": "fx5-enet\\/ip",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-60mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rncpu\\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "50"
},
{
"model": "fx3g-24mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rnencpu\\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "50"
},
{
"model": "qj71mes96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-24mt\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "rd55up12-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "nz2ft-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "(multiple products)"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * ac the servo melservo"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * lossnay central ventilation system"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * display got"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * air conditioning control system / centralized controller"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * air conditioning control system / expansion controller"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * energy measurement unit"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "affected products s vary widely. for more information, please check the information provided by the developer."
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * range hood fan"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * data collection analyzer melqic"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * hems compatible adapter, lan adapter"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * air conditioning control system / bm adapter"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * room air conditioner"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * bath drying/heating/ventilation system"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * solar power system color monitor eco guide"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * ventilation fan for duct"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * tension controller"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * inverter freqrol"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * mitsubishi energy saving dem monitoring server e-energy"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * robot melfa"
},
{
"model": "melsec iq-f",
"scope": null,
"trust": 0.7,
"vendor": "mitsubishi electric",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ta-Lun Yen of TXOne IoT/ICS Security Research Labs (Trend Micro)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
}
],
"trust": 0.7
},
"cve": "CVE-2020-16226",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-16226",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-16226",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-16226",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-16226",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-16226",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-16226",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-16226",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-074",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-16226",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. of multiple Mitsubishi Electric products TCP A vulnerability in session management exists in the protocol stack. This vulnerability information is provided by the developer for the purpose of dissemination to product users. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of ACK packets. When generating ACK packets, the application uses a predictable sequence number. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Mitsubishi Electric gt14 model\u662f\u65e5\u672c\u4e09\u83f1\u7535\u673a\uff08Mitsubishi Electric\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u5de5\u4e1a\u751f\u4ea7\u8fc7\u7a0b\u4e2d\u63d0\u4f9b\u4eba\u673a\u4ea4\u4e92\u754c\u9762\u7684\u8bbe\u5907. \nMitsubishi Electric \u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u5192\u5145\u5408\u6cd5\u8bbe\u5907\uff0c\u4ece\u800c\u4f7f\u653b\u51fb\u8005\u80fd\u591f\u8fdc\u7a0b\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u4ee5\u4e0b\u4ea7\u54c1\u548c\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aQJ71MES96 all versions\uff0cQJ71WS96 all versions\uff0cQ06CCPU-V all versions\uff0cQ24DHCCPU-V all versions\uff0cQ24DHCCPU-VG all versions\uff0cR12CCPU-V Version 13 and prior\uff0cRD55UP06-V Version 09 and prior\uff0cRD55UP12-V Version 01\uff0cRJ71GN11-T2 Version 11 and prior\uff0cRJ71EN71 all versions\uff0cQJ71E71-100 all versions\uff0cLJ71E71-100 all versions\uff0cQJ71MT91 all versions\uff0cRD78Gn(n=4,8,16,32,64) all versions\uff0cRD78GHV all versions\uff0cRD78GHW all versions\uff0cNZ2GACP620-60 all versions\uff0cNZ2GACP620-300 all versions\uff0cNZ2FT-MT all versions\uff0cNZ2FT-EIP all versions\uff0cQ03UDECPU the first 5 digits of serial number 22081 and prior\uff0cQnUDEHCPU(n=04/06/10/13/20/26/50/100) the first 5 digits of serial number 22081 and prior\uff0cQnUDVCPU(n=03/04/06/13/26) the first 5 digits of serial number 22031 and prior\uff0cQnUDPVCPU(n=04/06/13/26) the first 5 digits of serial number 22031 and prior\uff0cLnCPU(-P)(n=02/06/26) the first 5 digits of serial number 22051 and prior\uff0cL26CPU-(P)BT the first 5 digits of serial number 22051 and prior\uff0cRnCPU(n=00/01/02) Version 18 and prior\uff0cRnCPU(n=04/08/16/32/120) Version 50 and prior\uff0cRnENCPU(n=04/08/16/32/120) Version 50 and prior\uff0cRnSFCPU (n=08/16/32/120) Version 22 and prior\uff0cRnPCPU(n=08/16/32/120) Version 24 and prior\uff0cRnPSFCPU(n=08/16/32/120) Version 05 and prior\uff0cFX5U(C)-**M*/**\uff0cFX5UC-32M*/**-TS Version 1.210 and prior\uff0cFX5UJ-**M*/** Version 1.000\uff0cFX5-ENET Version 1.002 and prior\uff0cFX5-ENET/IP Version 1.002 and prior\uff0cFX3U-ENET-ADP Version 1.22 and prior\uff0cFX3GE-**M*/** the first 3 digits of serial number 20X and prior\uff0cFX3U-ENET Version 1.14 and prior\uff0cFX3U-ENET-L Version 1.14 and prior\uff0cFX3U-ENET-P502 Version 1.14 and prior\uff0cFX5-CCLGN-MS Version 1.000\uff0cIU1-1M20-D all versions\uff0cLE7-40GU-L all versions\uff0cGOT2000 Series GT21 Model all versions\uff0cGS Series all versions\uff0cGOT1000 Series GT14 Model all versions\uff0cGT25-J71GN13-T2 all versions\uff0cFR-A800-E Series production date December 2020 and prior\uff0cFR-F800-E Series production date December 2020 and prior\uff0cFR-A8NCG Production date August 2020 and prior\uff0cFR-E800-EPA Series Production date July 2020 and prior\uff0cFR-E800-EPB Series Production date July 2020 and prior\uff0cConveyor Tracking Application APR-nTR3FH APR-nTR6FH APR-nTR12FH APR-nTR20FH(n=1,2) all versions (Discontinued product)\uff0cMR-JE-C all versions\uff0cMR-J4-TM all versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16226"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"db": "VULMON",
"id": "CVE-2020-16226"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16226",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-245-01",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU93926439",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10966",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-1207",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3041",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4767",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-16226",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"id": "VAR-202010-0395",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2024-11-23T21:51:16.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "of our products TCP Spoofing Vulnerability in Protocol Stack",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-009.pdf"
},
{
"title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01"
},
{
"title": "mitsubishielectric Fixes for remote command execution vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=127702"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-342",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93926439/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3041/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16226"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4767"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/342.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-245-01"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"date": "2020-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"date": "2020-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"date": "2020-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"date": "2020-10-05T18:15:13.133000",
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-17T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"date": "2020-10-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"date": "2022-09-26T08:55:00",
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"date": "2022-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"date": "2024-11-21T05:06:58.517000",
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "of multiple Mitsubishi Electric products \u00a0TCP\u00a0 Session management flaw in protocol stack",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command execution",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
}
],
"trust": 0.6
}
}
VAR-202003-1411
Vulnerability from variot - Updated: 2024-11-23 20:02When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R , iQ-F , Q , L , F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company.
Many Mitsubishi Electric products have resource management error vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cr800-q",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q25prhcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r32encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12prhcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3u",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3g",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-pbt",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q26dhccpu-ls",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r16encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5u",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l06cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12dccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q25phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3uc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r32cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r120encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3s",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r120cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q02phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-ls",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l06cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r08cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q172dscpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r00cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-bt",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r04encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02cpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-vg2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q12phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx5uj",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r16cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3gc",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q24dhccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r01cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r02cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q06phcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q173nccpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q173dscpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r08encpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02scpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l02scpu-p",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "r04cpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "melsec f series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec iq-f series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec iq-r series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec l series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec q series",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric melsec iq-r series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec iq-f series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec q series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec l series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
},
{
"model": "electric melsec f series",
"scope": null,
"trust": 0.6,
"vendor": "misubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_f_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
}
]
},
"cve": "CVE-2020-5527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5527",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002958",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-29576",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5527",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002958",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5527",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-002958",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-29576",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1699",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. Provided by Mitsubishi Electric Corporation MELSEC iQ-R \uff0c iQ-F \uff0c Q \uff0c L \uff0c F Of the series MELSOFT Communication port (UDP/IP) Is a resource exhaustion vulnerability (CWE-400) Exists. MELSOFT If a large amount of data is sent to the communication port, the resources will be exhausted and processing will not be performed on that port, which will interfere with service operation. (DoS) It may be in a state. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.MELSOFT If the communication port goes into an unprocessable state, a normal client MELSOFT You will not be able to connect to the communication port. Also, it becomes difficult to connect devices that are communicating on other communication ports. Misubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan Mitsubishi Electric (Misubishi Electric) company. \n\r\n\r\nMany Mitsubishi Electric products have resource management error vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5527"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5527",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91553662",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-091-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-29576",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1157",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"id": "VAR-202003-1411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
}
]
},
"last_update_date": "2024-11-23T20:02:16.059000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSOFT\u4ea4\u4fe1\u30dd\u30fc\u30c8\uff08UDP/IP\uff09\u306b\u304a\u3051\u308b\u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-005.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu91553662/index.html"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-005_en.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5527"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-091-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91553662/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5527"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1157/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"date": "2020-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"date": "2020-03-30T08:15:17.640000",
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-29576"
},
{
"date": "2020-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002958"
},
{
"date": "2020-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1699"
},
{
"date": "2024-11-21T05:34:13.020000",
"db": "NVD",
"id": "CVE-2020-5527"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC Of the series MELSOFT Resource exhaustion vulnerability in communication ports",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002958"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1699"
}
],
"trust": 0.6
}
}
VAR-202211-1878
Vulnerability from variot - Updated: 2024-08-14 15:42Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.If the product receives a specially crafted packet by a remote third party, the product will cause a denial of service. (DoS) may become a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1878",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r32encpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "65"
},
{
"model": "r04encpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "65"
},
{
"model": "r120encpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "65"
},
{
"model": "r08encpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "65"
},
{
"model": "rj71en71",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "65"
},
{
"model": "r16encpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "65"
},
{
"model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
"scope": "lte",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "melsec iq-r series r04/08/16/32/120encpu ( network department ) firmware \"65\" and earlier"
},
{
"model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
"scope": "lte",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "melsec iq-r series rj71en71 firmware \"65\" and earlier"
},
{
"model": "melsec iq-r04",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": "\u003c=65"
},
{
"model": "melsec iq-r08",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": "\u003c=65"
},
{
"model": "melsec iq-r16",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": "\u003c=65"
},
{
"model": "melsec iq-r32",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": "\u003c=65"
},
{
"model": "melsec iq-r120encpu",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": "\u003c=65"
},
{
"model": "melsec iq-rj71en71",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": "\u003c=65"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85487"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002767"
},
{
"db": "NVD",
"id": "CVE-2022-40265"
}
]
},
"cve": "CVE-2022-40265",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-85487",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-40265",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-40265",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-002767",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-40265",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"id": "CVE-2022-40265",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002767",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-85487",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3700",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85487"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002767"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3700"
},
{
"db": "NVD",
"id": "CVE-2022-40265"
},
{
"db": "NVD",
"id": "CVE-2022-40265"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version \"65\" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version \"65\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.If the product receives a specially crafted packet by a remote third party, the product will cause a denial of service. (DoS) may become a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40265"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002767"
},
{
"db": "CNVD",
"id": "CNVD-2022-85487"
},
{
"db": "VULMON",
"id": "CVE-2022-40265"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40265",
"trust": 3.9
},
{
"db": "JVN",
"id": "JVNVU94702422",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-335-01",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002767",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-85487",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6281",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3700",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-40265",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85487"
},
{
"db": "VULMON",
"id": "CVE-2022-40265"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002767"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3700"
},
{
"db": "NVD",
"id": "CVE-2022-40265"
}
]
},
"id": "VAR-202211-1878",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85487"
}
],
"trust": 1.5166666666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85487"
}
]
},
"last_update_date": "2024-08-14T15:42:05.936000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC\u00a0iQ-R\u00a0 series \u00a0Ethernet\u00a0 Denial of Service on Interface Units (DoS) Vulnerability",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-017.pdf"
},
{
"title": "Patch for Mitsubishi Electric Corporation MELSEC iQ-R Series Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/365051"
},
{
"title": "Mitsubishi Electric MELSEC iQ-R series Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=216560"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85487"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002767"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3700"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002767"
},
{
"db": "NVD",
"id": "CVE-2022-40265"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://jvn.jp/vu/jvnvu94702422"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94702422/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40265"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6281"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40265/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85487"
},
{
"db": "VULMON",
"id": "CVE-2022-40265"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002767"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3700"
},
{
"db": "NVD",
"id": "CVE-2022-40265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-85487"
},
{
"db": "VULMON",
"id": "CVE-2022-40265"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002767"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3700"
},
{
"db": "NVD",
"id": "CVE-2022-40265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-85487"
},
{
"date": "2022-11-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40265"
},
{
"date": "2022-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002767"
},
{
"date": "2022-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3700"
},
{
"date": "2022-11-30T01:15:09.873000",
"db": "NVD",
"id": "CVE-2022-40265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-85487"
},
{
"date": "2022-11-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40265"
},
{
"date": "2022-12-16T01:17:00",
"db": "JVNDB",
"id": "JVNDB-2022-002767"
},
{
"date": "2022-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3700"
},
{
"date": "2022-12-06T19:36:10.460000",
"db": "NVD",
"id": "CVE-2022-40265"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3700"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric \u00a0MELSEC\u00a0iQ-R\u00a0 series \u00a0Ethernet\u00a0 Improper Input Validation Vulnerability in Interface Unit",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002767"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3700"
}
],
"trust": 0.6
}
}
CVE-2022-40266 (GCVE-0-2022-40266)
Vulnerability from nvd – Published: 2022-11-24 08:20 – Updated: 2025-04-25 17:56- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric | GOT2000 Series GT27 model |
Affected:
FTP server versions 01.39.000 and prior
|
|
| Mitsubishi Electric | GOT2000 Series GT25 model |
Affected:
FTP server versions 01.39.000 and prior
|
|
| Mitsubishi Electric | GOT2000 Series GT23 model |
Affected:
FTP server versions 01.39.000 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95633416"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T17:56:28.262332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T17:56:41.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 Series GT27 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
},
{
"product": "GOT2000 Series GT25 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
},
{
"product": "GOT2000 Series GT23 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
}
],
"value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-24T08:20:14.606Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU95633416"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-40266",
"datePublished": "2022-11-24T08:20:14.606Z",
"dateReserved": "2022-09-08T19:40:16.931Z",
"dateUpdated": "2025-04-25T17:56:41.874Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40266 (GCVE-0-2022-40266)
Vulnerability from cvelistv5 – Published: 2022-11-24 08:20 – Updated: 2025-04-25 17:56- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric | GOT2000 Series GT27 model |
Affected:
FTP server versions 01.39.000 and prior
|
|
| Mitsubishi Electric | GOT2000 Series GT25 model |
Affected:
FTP server versions 01.39.000 and prior
|
|
| Mitsubishi Electric | GOT2000 Series GT23 model |
Affected:
FTP server versions 01.39.000 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95633416"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T17:56:28.262332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T17:56:41.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 Series GT27 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
},
{
"product": "GOT2000 Series GT25 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
},
{
"product": "GOT2000 Series GT23 model",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "FTP server versions 01.39.000 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
}
],
"value": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-24T08:20:14.606Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-016_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU95633416"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-40266",
"datePublished": "2022-11-24T08:20:14.606Z",
"dateReserved": "2022-09-08T19:40:16.931Z",
"dateUpdated": "2025-04-25T17:56:41.874Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}