58 vulnerabilities by mitsubishi
VAR-201902-0127
Vulnerability from variot - Updated: 2025-06-27 23:05
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication. Multiple Mitsubishi Electric Q Series products are vulnerable to resource exhaustion, which may result in a service interruption (DoS). Mitsubishi Electric MELSEC-Q Series PLCs are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Mitsubishi Electric Q03UDVCPU, etc. are all PLC (programmable logic controller) products of Japan's Mitsubishi Electric company. Security flaws exist in several Mitsubishi products. A remote attacker could exploit this vulnerability by sending a specially crafted packet to cause Ethernet to stop communicating. The following products are affected: Mitsubishi Q03UDVCPU; Q04UDVCPU; Q06UDVCPU; Q13UDVCPU; Q26UDPVCPU; Q03UDECPU;
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "q06udpvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q100udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q26udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q13udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q04udpvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q26udpvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q04udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q20udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q10udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q06udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q06udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q26udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q13udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q04udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q03udecpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q50udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20101"
},
{
"model": "q03udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q13udpvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20081"
},
{
"model": "q03udecpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q03udvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q04udpvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q04udvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q06udpvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q06udvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q13udpvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q13udvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q26udpvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "q26udvcpu",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric q04/06/13/26udpvcpu",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20081"
},
{
"model": "electric q04/06/10/13/20/26/50/100udehcpu",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20101"
},
{
"model": "electric q03udecpu",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20101"
},
{
"model": "electric q03/04/06/13/26udvcpu",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20081"
}
],
"sources": [
{
"db": "BID",
"id": "106771"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q03udecpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q03udvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q04udpvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q04udvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q06udpvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q06udvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q13udpvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q13udvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q26udpvcpu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:q26udvcpu_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tri Quach of Amazon's Customer Fulfillment Technology Security (CFTS),Tri Quach of Amazon's Customer Fulfillment Technology Security (CFTS)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6535",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6535",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-157970",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6535",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6535",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6535",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2019-6535",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6535",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-973",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-157970",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157970"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication. Multiple Mitsubishi Electric Q Series products are vulnerable to resource exhaustion, which may result in a service interruption (DoS). Mitsubishi Electric MELSEC-Q Series PLCs are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. Mitsubishi Electric Q03UDVCPU, etc. are all PLC (programmable logic controller) products of Japan\u0027s Mitsubishi Electric company. Security flaws exist in several Mitsubishi products. A remote attacker could exploit this vulnerability by sending a specially crafted packet to cause Ethernet to stop communicating. The following products are affected: Mitsubishi Q03UDVCPU; Q04UDVCPU; Q06UDVCPU; Q13UDVCPU; Q26UDPVCPU; Q03UDECPU;",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6535"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "BID",
"id": "106771"
},
{
"db": "VULHUB",
"id": "VHN-157970"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6535",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-029-02",
"trust": 2.8
},
{
"db": "BID",
"id": "106771",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-98808",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-157970",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157970"
},
{
"db": "BID",
"id": "106771"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"id": "VAR-201902-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-157970"
}
],
"trust": 0.85
},
"last_update_date": "2025-06-27T23:05:24.314000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC-Q\u30b7\u30ea\u30fc\u30ba",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/fa/products/cnt/plcq/items/index.html"
},
{
"title": "Multiple Misubishi Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89040"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157970"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-029-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/106771"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6535"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6535"
},
{
"trust": 0.3,
"url": "http://www.mitsubishi-automation.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157970"
},
{
"db": "BID",
"id": "106771"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-157970"
},
{
"db": "BID",
"id": "106771"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157970"
},
{
"date": "2019-01-29T00:00:00",
"db": "BID",
"id": "106771"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"date": "2019-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"date": "2019-02-05T19:29:00.243000",
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-157970"
},
{
"date": "2019-01-29T00:00:00",
"db": "BID",
"id": "106771"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001917"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-973"
},
{
"date": "2025-06-26T18:15:21.017000",
"db": "NVD",
"id": "CVE-2019-6535"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to resource depletion in multiple Mitsubishi Electric Q Series products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001917"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-973"
}
],
"trust": 0.6
}
}
VAR-201702-0077
Vulnerability from variot - Updated: 2025-04-20 23:34
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. Use of a broken or risky cryptographic algorithm (CWE-327) - CVE-2016-8370: the password included in the communication data is encrypted with a weak encryption algorithm. Unrestricted externally accessible lock (CWE-412) - CVE-2016-8368: a remote third party may cause a service disruption (DoS) of the PLC via port 5002/TCP. As a result, a password may be obtained by a remote party, or service operation may be interrupted (DoS). Mitsubishi Electric is a Japanese company. An attacker can exploit the vulnerability to perform unauthorized operations.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "electric qj71e71-100",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "electric qj71e71-b2",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "electric qj71e71-b5",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 b5",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 b2",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b5_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vladimir Dashchenko of Critical Infrastructure Defense Team",
"sources": [
{
"db": "BID",
"id": "94632"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8370",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8370",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2016-007661",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11833",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97190",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8370",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-007661",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8370",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-007661",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-11833",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-463",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97190",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "VULHUB",
"id": "VHN-97190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. Use of a broken or risky cryptographic algorithm (CWE-327) - CVE-2016-8370: the password included in the communication data is encrypted with a weak encryption algorithm. Unrestricted externally accessible lock (CWE-412) - CVE-2016-8368: a remote third party may cause a service disruption (DoS) of the PLC via port 5002/TCP. As a result, a password may be obtained by a remote party, or service operation may be interrupted (DoS). Mitsubishi Electric is a Japanese company. An attacker can exploit the vulnerability to perform unauthorized operations.",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8370"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "VULHUB",
"id": "VHN-97190"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8370",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-336-03",
"trust": 3.4
},
{
"db": "BID",
"id": "94632",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-11833",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99901500",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661",
"trust": 0.8
},
{
"db": "IVD",
"id": "E9B21E03-B557-44EB-B380-01D11C51C00C",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-97190",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "VULHUB",
"id": "VHN-97190"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"id": "VAR-201702-0077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "VULHUB",
"id": "VHN-97190"
}
],
"trust": 1.7055555333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
}
]
},
"last_update_date": "2025-04-20T23:34:29.489000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u4e09\u83f1\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/JVNVU99901500/479518/index.html"
},
{
"title": "Multiple Mitsubishi Electric MELSEC-Q series products have patches for security bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/84929"
},
{
"title": "Multiple Mitsubishi Electric Automation MELSEC-Q Repair measures for series product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67753"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.9
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-412",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94632"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8370"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8368"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99901500/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8370"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8368"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "VULHUB",
"id": "VHN-97190"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"db": "VULHUB",
"id": "VHN-97190"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-05T00:00:00",
"db": "IVD",
"id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
},
{
"date": "2016-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97190"
},
{
"date": "2016-12-01T00:00:00",
"db": "BID",
"id": "94632"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"date": "2017-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"date": "2017-02-13T21:59:01.220000",
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11833"
},
{
"date": "2017-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-97190"
},
{
"date": "2016-12-20T00:06:00",
"db": "BID",
"id": "94632"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"date": "2021-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-463"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8370"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELSEC-Q Series Ethernet Multiple vulnerabilities in interface module",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-463"
}
],
"trust": 0.6
}
}
VAR-201702-0075
Vulnerability from variot - Updated: 2025-04-20 23:34
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. Two issues are described. Use of a broken or risky cryptographic algorithm (CWE-327) - CVE-2016-8370: the password included in the communication data is encrypted with a weak encryption algorithm. Unrestricted externally accessible lock (CWE-412) - CVE-2016-8368: a remote third party may connect to the PLC via port 5002/TCP and cause a service disruption (DoS). As a result, a password may be obtained by a remote party, or service operation may be interrupted (DoS). Mitsubishi Electric is a Japanese company. An attacker exploiting a vulnerability can cause a denial-of-service condition. Attackers can exploit these issues to perform unauthorized actions or cause denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "electric qj71e71-100",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "electric qj71e71-b2",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "electric qj71e71-b5",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "of"
},
{
"model": "qj71e71-b2",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "qj71e71-b5",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 b5",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "qj71e71 b2",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b5_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vladimir Dashchenko of Critical Infrastructure Defense Team",
"sources": [
{
"db": "BID",
"id": "94632"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8368",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8368",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2016-007661",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11832",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-97188",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8368",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-007661",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8368",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-007661",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-11832",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-009",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97188",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "VULHUB",
"id": "VHN-97188"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. Two issues are described. Use of a broken or risky cryptographic algorithm (CWE-327) - CVE-2016-8370: the password included in the communication data is encrypted with a weak encryption algorithm. Unrestricted externally accessible lock (CWE-412) - CVE-2016-8368: a remote third party may connect to the PLC via port 5002/TCP and cause a service disruption (DoS). As a result, a password may be obtained by a remote party, or service operation may be interrupted (DoS). Mitsubishi Electric is a Japanese company. An attacker exploiting a vulnerability can cause a denial-of-service condition. \nAttackers can exploit these issues to perform unauthorized actions or cause denial-of-service conditions.",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8368"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "VULHUB",
"id": "VHN-97188"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8368",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-336-03",
"trust": 3.4
},
{
"db": "BID",
"id": "94632",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-11832",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99901500",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661",
"trust": 0.8
},
{
"db": "IVD",
"id": "218C8DDF-AE70-4D34-AB2C-7271D1A5A80F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-97188",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "VULHUB",
"id": "VHN-97188"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"id": "VAR-201702-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "VULHUB",
"id": "VHN-97188"
}
],
"trust": 1.7055555333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
}
]
},
"last_update_date": "2025-04-20T23:34:29.448000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u4e09\u83f1\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/JVNVU99901500/479518/index.html"
},
{
"title": "Patches for multiple service violations in multiple Mitsubishi Electric MELSEC-Q series products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/84928"
},
{
"title": "Mitsubishi Electric MELSEC-Q Series Product Security Bypass Vulnerabilities and Remediation Measures for Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65991"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-662",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.9
},
{
"problemtype": "CWE-412",
"trust": 0.8
},
{
"problemtype": "CWE-327",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97188"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94632"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8370"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8368"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99901500/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8370"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8368"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "VULHUB",
"id": "VHN-97188"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"db": "VULHUB",
"id": "VHN-97188"
},
{
"db": "BID",
"id": "94632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-05T00:00:00",
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"date": "2016-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97188"
},
{
"date": "2016-12-01T00:00:00",
"db": "BID",
"id": "94632"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"date": "2017-02-13T21:59:01.173000",
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11832"
},
{
"date": "2017-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-97188"
},
{
"date": "2016-12-20T00:06:00",
"db": "BID",
"id": "94632"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007661"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-009"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8368"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELSEC-Q Series Ethernet Multiple vulnerabilities in interface module",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007661"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-009"
}
],
"trust": 0.8
}
}
VAR-201410-0592
Vulnerability from variot - Updated: 2025-04-13 19:51
The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. AppsGeyser is an online tool for creating Android applications. As of December 22, 2014, the developer site states that over 130 x 10,000 (1.3 million) Android applications have been created with AppsGeyser. Applications created with AppsGeyser contain code that disables SSL server certificate validation in HTTPS communication. If an application created with AppsGeyser is used, a third party on the same network as the Android device may view or alter the product's communication content. Multiple Android apps contain a vulnerability in which SSL certificates are not properly validated. CERT/CC used CERT Tapioca to investigate this vulnerability. For details of the investigation method, see the CERT/CC blog. See also DRD19-J (Properly verify server certificate on SSL/TLS) in the CERT Oracle Secure Coding Standard for Java. CERT Tapioca: https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm CERT/CC blog: https://www.cert.org/blogs/certcc/post.cfm?EntryID=204 DRD19-J. Properly verify server certificate on SSL/TLS: https://www.securecoding.cert.org/confluence/x/CQAJC Although the impact depends on the behavior of the app, a man-in-the-middle attack may allow network traffic that should be protected by HTTPS to be viewed or tampered with. As a result, authentication information may be obtained or arbitrary code may be executed. An attacker could use this vulnerability to perform a man-in-the-middle attack and impersonate a trusted server.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0592",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mitsubishi road assist",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishicars",
"version": "1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "appsgeyser",
"version": null
},
{
"model": "appsgeyser",
"scope": "eq",
"trust": 0.8,
"vendor": "besttoolbars",
"version": "created with android application"
},
{
"model": "mitsubishi road assist",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishicars",
"version": "1.0"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "road assist mitsubishi road assist application for android",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "1.0"
},
{
"model": "appsgeyser",
"scope": "eq",
"trust": 0.3,
"vendor": "appsgeyser",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mitsubishi road assist",
"version": "1"
}
],
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:besttoolbars:appsgeyser",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Will Dormann of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "71760"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.9
},
"cve": "CVE-2014-7486",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2014-7486",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-004043",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2014-07783",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-7486",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-7486",
"trust": 0.8,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2014-004043",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-07783",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-871",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. AppsGeyser is an online tool for creating Android applications. As of December 22, 2014, the developer site states that more than 1.3 million Android applications have been created with AppsGeyser. Applications created with AppsGeyser contain code that disables SSL server certificate validation in HTTPS communication. If an application created with AppsGeyser is used, a third party on the same network as the Android device may view or alter the product's communication content. Multiple Android apps contain a vulnerability in which SSL certificates are not properly validated. CERT/CC used CERT Tapioca to investigate this vulnerability. For details of the survey method, see the CERT/CC blog. See also rule DRD19-J (Properly verify server certificate on SSL/TLS) of the CERT Oracle Secure Coding Standard for Java. CERT Tapioca: https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm CERT/CC blog: https://www.cert.org/blogs/certcc/post.cfm?EntryID=204 DRD19-J. Properly verify server certificate on SSL/TLS: https://www.securecoding.cert.org/confluence/x/CQAJC Although the impact depends on the behavior of the app, a man-in-the-middle attack may allow network traffic that should be protected by HTTPS to be viewed or tampered with. As a result, authentication information may be obtained or arbitrary code may be executed. An attacker could use this vulnerability to perform a man-in-the-middle attack and impersonate a trusted server",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7486"
},
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 6.03
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#582497",
"trust": 4.9
},
{
"db": "NVD",
"id": "CVE-2014-7486",
"trust": 3.2
},
{
"db": "CERT/CC",
"id": "VU#1680209",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU90369988",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#345425",
"trust": 1.6
},
{
"db": "BID",
"id": "71760",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-07783",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95399358",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505",
"trust": 0.6
},
{
"db": "IVD",
"id": "C19B48D0-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"id": "VAR-201410-0592",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
}
]
},
"last_update_date": "2025-04-13T19:51:21.816000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security with HTTPS and SSL",
"trust": 0.8,
"url": "http://developer.android.com/training/articles/security-ssl.html"
},
{
"title": "AppsGeyser",
"trust": 0.8,
"url": "http://www.appsgeyser.com/"
},
{
"title": "com.agero.mitsubishi",
"trust": 0.8,
"url": "https://play.google.com/store/apps/details?id=com.agero.mitsubishi"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"trust": 4.0,
"url": "https://docs.google.com/spreadsheets/d/1t5gxwjw82syunalvjb2w0zi3folrikfgpc7amjrf0r4/edit?usp=sharing"
},
{
"trust": 1.6,
"url": "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html"
},
{
"trust": 1.6,
"url": "http://developer.android.com/training/articles/security-ssl.html"
},
{
"trust": 1.6,
"url": "http://www.ftc.gov/news-events/press-releases/2014/03/fandango-credit-karma-settle-ftc-charges-they-deceived-consumers"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/files/p49.pdf"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/files/p50-fahl.pdf"
},
{
"trust": 1.6,
"url": "http://cwe.mitre.org/data/definitions/295.html"
},
{
"trust": 1.6,
"url": "http://cwe.mitre.org/data/definitions/296.html"
},
{
"trust": 1.6,
"url": "http://jvn.jp/vu/jvnvu90369988/index.html"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/345425"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7486"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/1680209"
},
{
"trust": 0.8,
"url": "http://www.appsgeyser.com/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95399358/index.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7486"
},
{
"trust": 0.8,
"url": "https://www.securecoding.cert.org/confluence/pages/viewpage.action;jsessionid=38139e999b01085a7ae8552ac02eac05?pageid=134807561"
},
{
"trust": 0.8,
"url": "https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm"
},
{
"trust": 0.8,
"url": "https://www.cert.org/blogs/certcc/post.cfm?entryid=204"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/about/press/20140919_1.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71760"
},
{
"trust": 0.3,
"url": "http://www.appsgeyser.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-03T00:00:00",
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-12-19T00:00:00",
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"date": "2014-09-03T00:00:00",
"db": "CERT/CC",
"id": "VU#582497"
},
{
"date": "2014-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71760"
},
{
"date": "2014-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"date": "2014-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"date": "2014-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"date": "2014-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"date": "2014-10-20T10:55:07.920000",
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-07T00:00:00",
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"date": "2016-11-08T00:00:00",
"db": "CERT/CC",
"id": "VU#582497"
},
{
"date": "2014-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71760"
},
{
"date": "2014-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"date": "2014-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"date": "2014-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Road Assist application for Android Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.6
}
}
VAR-201510-0694
Vulnerability from variot - Updated: 2025-04-12 23:27
The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. Mitsubishi Electric MELSEC FX3G PLC is a programmable logic controller (PLC) product of the MELSEC FX series from Mitsubishi Electric Corporation of Japan. Mitsubishi Melsec FX3G-24M and FX3U-ENET-ADP are prone to multiple denial-of-service vulnerabilities.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0694",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec fx3g",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "melsec fx3g series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "(before April 2015)"
},
{
"model": "electric europe b.v. melsec fx3g plc",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec fx3g-24m",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "2.10"
},
{
"model": "electric melsec fx3g series plc",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": "electric fx3u-enet-adp",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "1.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "melsec fx3g",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "BID",
"id": "76885"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:mitsubishielectric:melsec_fx3g",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ralf Spenneberg",
"sources": [
{
"db": "BID",
"id": "76885"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3938",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-3938",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06525",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "7090b600-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3938",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-3938",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-06525",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-031",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. Mitsubishi Electric MELSEC FX3G PLC is a programmable logic controller (PLC) product of the MELSEC FX series from Mitsubishi Electric Corporation of Japan. Mitsubishi Melsec FX3G-24M and FX3U-ENET-ADP are prone to multiple denial-of-service vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3938"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "BID",
"id": "76885"
},
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3938",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-146-01",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2015-06525",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088",
"trust": 0.8
},
{
"db": "BID",
"id": "76885",
"trust": 0.3
},
{
"db": "IVD",
"id": "7090B600-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "BID",
"id": "76885"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"id": "VAR-201510-0694",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
}
],
"trust": 1.59166665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
}
]
},
"last_update_date": "2025-04-12T23:27:32.620000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/"
},
{
"title": "\u30b7\u30fc\u30b1\u30f3\u30b5 MELSEC",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/products/cnt/plc/index.html"
},
{
"title": "Mitsubishi Electric MELSEC FX3G PLC Device Resource Management Error Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/65065"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-146-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3938"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3938"
},
{
"trust": 0.3,
"url": "http://www.os-s.net/advisories/mitsubishi_fx3ge_parameter_error-engl.pdf"
},
{
"trust": 0.3,
"url": "http://www.mitsubishi-automation.com/products/software_mx_components_content.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "BID",
"id": "76885"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "BID",
"id": "76885"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-15T00:00:00",
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"date": "2015-09-29T00:00:00",
"db": "BID",
"id": "76885"
},
{
"date": "2015-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"date": "2015-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"date": "2015-10-06T01:59:07.157000",
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"date": "2015-11-03T19:51:00",
"db": "BID",
"id": "76885"
},
{
"date": "2015-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005088"
},
{
"date": "2015-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-031"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-3938"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELSEC FX3G PLC Device Resource Management Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06525"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "7090b600-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-031"
}
],
"trust": 0.8
}
}
VAR-201209-0581
Vulnerability from variot - Updated: 2025-04-11 23:20
Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. CitectSCADA is software for providing monitoring and control functions in the Data Acquisition and Monitoring System (SCADA). A buffer overflow vulnerability exists in CitectSCADA and Mitsubishi MX4 SCADA version 7.10. This vulnerability affects the Batch server module, which can be exploited by an attacker to run arbitrary code in the context of an application, and a failed attack attempt will result in a denial of service. CitectSCADA is an industrial control software used by Mitsubishi MX4 and Schneider Electric. Careful construction of string data can execute arbitrary code in the application context. CitectSCADA and Mitsubishi MX4 SCADA are prone to a buffer-overflow vulnerability that affects the Batch server module. Failed exploit attempts will result in a denial-of-service condition. The following versions are vulnerable: CitectSCADA 7.10 and prior; Mitsubishi MX4 SCADA 7.10 and prior. Citectscada is prone to a local security vulnerability. ----------------------------------------------------------------------
TITLE: Schneider Electric CitectSCADA Batch Server Login Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46779
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46779/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46779
RELEASE DATE: 2011-11-09
DESCRIPTION: A vulnerability has been reported in Schneider Electric CitectSCADA, which can be exploited by malicious people to compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code.
SOLUTION: Update to a fixed version. Please contact the vendor for details.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Taiwan's Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: CitectSCADA: http://www.citect.com/citectscada-batch
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf
The application bundles a vulnerable version of CitectSCADA
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0581",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mx4 scada",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishi automation",
"version": "7.10"
},
{
"model": "citectscada",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "7.10"
},
{
"model": "mx4 scada",
"scope": "eq",
"trust": 0.9,
"vendor": "mitsubishi automation",
"version": "7.10"
},
{
"model": "electric citectscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider",
"version": "7.1"
},
{
"model": "citectscada",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "7.20"
},
{
"model": "mx4 scada",
"scope": "lt",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "7.20"
},
{
"model": "citectscada",
"scope": "eq",
"trust": 0.6,
"vendor": "citect",
"version": "7.x"
},
{
"model": "electric citectscada",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider",
"version": "7.10"
},
{
"model": "electric mx4 scada",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "7.10"
},
{
"model": "citectscada",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mx4 scada",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "citectscada",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "citect",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "citectscada",
"version": "7.x"
}
],
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "BID",
"id": "50604"
},
{
"db": "BID",
"id": "77854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:citectscada",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:mx4_scada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung",
"sources": [
{
"db": "BID",
"id": "50604"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
}
],
"trust": 0.9
},
"cve": "CVE-2011-5163",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2011-5163",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2011-5807",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "5faca590-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-53108",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-5163",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-5163",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2011-5807",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-330",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-53108",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. CitectSCADA is software for providing monitoring and control functions in the Data Acquisition and Monitoring System (SCADA). A buffer overflow vulnerability exists in CitectSCADA and Mitsubishi MX4 SCADA version 7.10. This vulnerability affects the Batch server module, which can be exploited by an attacker to run arbitrary code in the context of an application, and a failed attack attempt will result in a denial of service. CitectSCADA is an industrial control software used by Mitsubishi MX4 and Schneider Electric. Careful construction of string data can execute arbitrary code in the application context. CitectSCADA and Mitsubishi MX4 SCADA are prone to a buffer-overflow vulnerability that affects the Batch server module. Failed exploit attempts will result in a denial-of-service condition. \nThe following versions are vulnerable:\nCitectSCADA 7.10 and prior\nMitsubishi MX4 SCADA 7.10 and prior. Citectscada is prone to a local security vulnerability. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nSchneider Electric CitectSCADA Batch Server Login Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46779\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46779/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46779\n\nRELEASE DATE:\n2011-11-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46779/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46779/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46779\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Schneider Electric CitectSCADA,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nSOLUTION:\nUpdate to a fixed version. Please contact the vendor for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Taiwan\\x92s Information and\nCommunication Security Technology Center (ICST). 
\n\nORIGINAL ADVISORY:\nCitectSCADA:\nhttp://www.citect.com/citectscada-batch\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe application bundles a vulnerable version of CitectSCADA",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5163"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "BID",
"id": "50604"
},
{
"db": "BID",
"id": "77854"
},
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "PACKETSTORM",
"id": "106802"
},
{
"db": "PACKETSTORM",
"id": "106806"
}
],
"trust": 4.05
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-11-279-02",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2011-5163",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "46779",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1026306",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "46786",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "76937",
"trust": 1.7
},
{
"db": "BID",
"id": "50604",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2011-4804",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5807",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254",
"trust": 0.6
},
{
"db": "BID",
"id": "77854",
"trust": 0.4
},
{
"db": "IVD",
"id": "5FACA590-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "B0D03A04-1F7F-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "65AE310C-1F7F-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-53108",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106802",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106806",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "BID",
"id": "50604"
},
{
"db": "BID",
"id": "77854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "PACKETSTORM",
"id": "106802"
},
{
"db": "PACKETSTORM",
"id": "106806"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"id": "VAR-201209-0581",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "VULHUB",
"id": "VHN-53108"
}
],
"trust": 2.638095215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.8
}
],
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
}
]
},
"last_update_date": "2025-04-11T23:20:36.883000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CitectScada V7.20 Service Pack 3",
"trust": 0.8,
"url": "http://www.downloads.schneider-electric.com/sites/oreo/ww/document-detail.page?p_docId=4660520\u0026p_Conf=i#http://www.downloads.schneider-electric.com"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/"
},
{
"title": "\u30b5\u30dd\u30fc\u30c8",
"trust": 0.8,
"url": "http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page"
},
{
"title": "Mitsubishi MX4 SCADA",
"trust": 0.8,
"url": "http://www.mitsubishi-automation.com/products/software_MX4_content.htm"
},
{
"title": "Product Safety Notice",
"trust": 0.8,
"url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026doc_type=safety\u0026scat=2\u0026sstr=MX4,SCADA"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/jp/"
},
{
"title": "Patch for CitectSCADA and Mitsubishi MX4 SCADA Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/36929"
},
{
"title": "Patch for Schneider Electric/Mitsubishi MX4 CitectSCADA Batch Server Login Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/5857"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-02.pdf"
},
{
"trust": 2.1,
"url": "http://www.citect.com/citectscada-batch"
},
{
"trust": 2.0,
"url": "http://www.securitytracker.com/id?1026306"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/76937"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/46779"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/46786"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/50604"
},
{
"trust": 1.0,
"url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026doc_type=safety\u0026scat=2\u0026sstr=mx4%2cscada"
},
{
"trust": 0.9,
"url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026doc_type=safety\u0026scat=2\u0026sstr=mx4,scada"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5163"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5163"
},
{
"trust": 0.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-02.pdfhttp"
},
{
"trust": 0.3,
"url": "http://www.citect.com/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
},
{
"trust": 0.1,
"url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1\u0026amp;doc_type=safety\u0026amp;scat=2\u0026amp;sstr=mx4,scada"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46779/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46779/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46779"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46786"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46786/#comments"
},
{
"trust": 0.1,
"url": "https://my.mitsubishi-automation.com/downloads/view/doc_loc/8879/91516012-eb50-11e0-98c9-0022195266d5_psn2011-0001a.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46786/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "BID",
"id": "50604"
},
{
"db": "BID",
"id": "77854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "PACKETSTORM",
"id": "106802"
},
{
"db": "PACKETSTORM",
"id": "106806"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"db": "VULHUB",
"id": "VHN-53108"
},
{
"db": "BID",
"id": "50604"
},
{
"db": "BID",
"id": "77854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"db": "PACKETSTORM",
"id": "106802"
},
{
"db": "PACKETSTORM",
"id": "106806"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-19T00:00:00",
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2011-11-11T00:00:00",
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"date": "2011-11-15T00:00:00",
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"date": "2011-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"date": "2011-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"date": "2012-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-53108"
},
{
"date": "2011-11-08T00:00:00",
"db": "BID",
"id": "50604"
},
{
"date": "2012-09-15T00:00:00",
"db": "BID",
"id": "77854"
},
{
"date": "2012-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"date": "2011-11-09T03:05:37",
"db": "PACKETSTORM",
"id": "106802"
},
{
"date": "2011-11-09T06:29:18",
"db": "PACKETSTORM",
"id": "106806"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"date": "2012-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"date": "2012-09-15T17:55:04.287000",
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"date": "2011-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4804"
},
{
"date": "2012-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-53108"
},
{
"date": "2015-03-19T09:43:00",
"db": "BID",
"id": "50604"
},
{
"date": "2012-09-15T00:00:00",
"db": "BID",
"id": "77854"
},
{
"date": "2012-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005156"
},
{
"date": "2011-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"date": "2012-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-330"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-5163"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "77854"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CitectSCADA and Mitsubishi MX4 SCADA Buffer Overflow Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5807"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "5faca590-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "b0d03a04-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "65ae310c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-254"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-330"
}
],
"trust": 1.8
}
}
VAR-201304-0435
Vulnerability from variot - Updated: 2025-04-11 23:16

Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control. Mitsubishi MX Component is an ActiveX dynamic link library that links PC software with the Mitsubishi FX/A/Q series. Mitsubishi MX is prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. CitectFacilities is an open and comprehensive facilities management solution designed specifically for managing large built environments. CitectSCADA is software used to provide monitoring and control functions in a supervisory control and data acquisition (SCADA) system. There are multiple buffer overflow vulnerabilities in version 1.0.0.1 of the ActUWzd.dll file in this component.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0435",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "citectfacilities",
"scope": "eq",
"trust": 2.7,
"vendor": "schneider electric",
"version": "7.10"
},
{
"model": "citectscada",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "7.10"
},
{
"model": "mx component",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi automation",
"version": "3"
},
{
"model": "citectscada",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "7.10r1"
},
{
"model": "mx component",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "3 of actuwzd.dll 1.0.0.1"
},
{
"model": "electric mitsubishi mx activex component",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3"
},
{
"model": "citectscada 7.10r1",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric mx component version",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "30"
},
{
"model": "electric mx component",
"scope": "ne",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "4.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mitsubishi mx component",
"version": "3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "citectfacilities",
"version": "7.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "citectscada",
"version": "7.10"
}
],
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "BID",
"id": "58692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:citectfacilities",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:citectscada",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:mitsubishi_mx_component",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dr_IDE",
"sources": [
{
"db": "BID",
"id": "58692"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3075",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3075",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02230",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-63077",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3075",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3075",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-02230",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-439",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-63077",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "VULHUB",
"id": "VHN-63077"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control. Mitsubishi MX Component is an ActiveX dynamic link library that links PC software with the Mitsubishi FX/A/Q series. Mitsubishi MX is prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. CitectFacilities is an open and comprehensive facilities management solution designed specifically for managing large built environments. CitectSCADA is software used to provide monitoring and control functions in a supervisory control and data acquisition system (SCADA). There are multiple buffer overflow vulnerabilities in the ActUWzd.dll file version 1.0.0.1 in this component.",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3075"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "BID",
"id": "58692"
},
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-63077"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-63077",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63077"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3075",
"trust": 3.6
},
{
"db": "EXPLOIT-DB",
"id": "24886",
"trust": 2.3
},
{
"db": "BID",
"id": "58692",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-140-01",
"trust": 1.1
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-13-091-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-02230",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494",
"trust": 0.6
},
{
"db": "IVD",
"id": "FAB9DDBA-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-78572",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-63077",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "VULHUB",
"id": "VHN-63077"
},
{
"db": "BID",
"id": "58692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"id": "VAR-201304-0435",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "VULHUB",
"id": "VHN-63077"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
}
]
},
"last_update_date": "2025-04-11T23:16:38.083000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/"
},
{
"title": "\u30b5\u30dd\u30fc\u30c8",
"trust": 0.8,
"url": "http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page"
},
{
"title": "MX Component",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/products/cnt/plceng/lineup/mx_component/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63077"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.exploit-db.com/exploits/24886/"
},
{
"trust": 1.1,
"url": "http://ics-cert.us-cert.gov/pdf/ics-alert-13-091-01.pdf"
},
{
"trust": 1.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-140-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3075"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3075"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/58692"
},
{
"trust": 0.3,
"url": "http://www.intelliscada.com/services_facilities.html"
},
{
"trust": 0.3,
"url": "http://www.citect.com/"
},
{
"trust": 0.3,
"url": "http://www.mitsubishi-automation.com/products/software_mx_components_content.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "VULHUB",
"id": "VHN-63077"
},
{
"db": "BID",
"id": "58692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "VULHUB",
"id": "VHN-63077"
},
{
"db": "BID",
"id": "58692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
},
{
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-27T00:00:00",
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"date": "2013-04-19T00:00:00",
"db": "VULHUB",
"id": "VHN-63077"
},
{
"date": "2013-03-25T00:00:00",
"db": "BID",
"id": "58692"
},
{
"date": "2013-04-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"date": "2013-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-494"
},
{
"date": "2013-04-19T11:44:29.280000",
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"date": "2013-05-15T00:00:00",
"db": "VULHUB",
"id": "VHN-63077"
},
{
"date": "2015-03-19T08:08:00",
"db": "BID",
"id": "58692"
},
{
"date": "2013-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002424"
},
{
"date": "2013-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-494"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-3075"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi MX Component ActiveX Control \u0027ActUWzd.dll\u0027 Remote Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02230"
},
{
"db": "BID",
"id": "58692"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "fab9ddba-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-439"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-494"
}
],
"trust": 1.4
}
}
VAR-201402-0087
Vulnerability from variot - Updated: 2025-04-11 23:14
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. Mitsubishi MC-WorX is a factory automation application tool. Mitsubishi MC-WorX is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. Mitsubishi MC-WorX 8.02 is vulnerable; other versions may also be affected.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mc-worx suite",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "8.02"
},
{
"model": "mc worx",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "8.02"
},
{
"model": "electric europe b.v. mc-worx",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "8.x"
},
{
"model": "mc-worx suite",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": "8.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mc worx suite",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:mc-worx_suite",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blake",
"sources": [
{
"db": "BID",
"id": "62414"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2817",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-2817",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-13110",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "33985888-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2817",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-2817",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-13110",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-279",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. Mitsubishi MC-WorX is a factory automation application tool. Mitsubishi MC-WorX is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. \nMitsubishi MC-WorX 8.02 is vulnerable; other versions may also be affected.",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2817"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "BID",
"id": "62414"
},
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2817",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-051-02",
"trust": 2.4
},
{
"db": "BID",
"id": "62414",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-13110",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "54852",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "28284",
"trust": 0.6
},
{
"db": "IVD",
"id": "33985888-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "BID",
"id": "62414"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"id": "VAR-201402-0087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
}
]
},
"last_update_date": "2025-04-11T23:14:40.460000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MC Works",
"trust": 0.8,
"url": "http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works"
},
{
"title": "IcoLaunchPatch_PlaceInBinFolder",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48278"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-051-02"
},
{
"trust": 1.6,
"url": "http://www.meau.com/eprise/main/sites/public/products/software/-mc_works"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2817"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2817"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/28284/"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/54852"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62414"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "BID",
"id": "62414"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-18T00:00:00",
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"date": "2013-09-15T00:00:00",
"db": "BID",
"id": "62414"
},
{
"date": "2014-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"date": "2013-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"date": "2014-02-24T04:48:09.757000",
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"date": "2014-02-25T07:51:00",
"db": "BID",
"id": "62414"
},
{
"date": "2014-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006066"
},
{
"date": "2014-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-279"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-2817"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi MC-WorX \u0027IcoLaunch.dll\u0027 ActiveX Control Remote Code Execution Vulnerability",
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-13110"
},
{
"db": "BID",
"id": "62414"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "33985888-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-279"
}
],
"trust": 0.8
}
}
VAR-200803-0395
Vulnerability from variot - Updated: 2025-04-10 23:01
servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. The Mitsubishi Electric GB-50A is prone to multiple authentication-bypass vulnerabilities. Successful exploits will allow unauthorized attackers to gain access to administrative functionality and completely compromise vulnerable devices; other attacks are also possible.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0395",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gb",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishi electric",
"version": "50"
},
{
"model": "gb",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishi electric",
"version": "50a"
},
{
"model": "gb",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "(gb-50)"
},
{
"model": "gb",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "(gb-50a)"
},
{
"model": "electric gb-50a",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gb",
"version": "50"
},
{
"model": "50a",
"scope": null,
"trust": 0.2,
"vendor": "gb",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "28406"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:mitsubishielectric:gb",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Withers\u203b chris@simplistix.co.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
}
],
"trust": 0.6
},
"cve": "CVE-2008-1546",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-1546",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "077962fc-23ce-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-1546",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-1546",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-471",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. The Mitsubishi Electric GB-50A is prone to multiple authentication-bypass vulnerabilities. \nSuccessful exploits will allow unauthorized attackers to gain access to administrative functionality and completely compromise vulnerable devices; other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1546"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "BID",
"id": "28406"
},
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1546",
"trust": 2.9
},
{
"db": "BID",
"id": "28406",
"trust": 1.9
},
{
"db": "SREASON",
"id": "3794",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080322 HACKING THE MITSUBISHI GB-50A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20071117 SECURITY CONTACT FOR MITSUBISHI ELECTRIC?",
"trust": 0.6
},
{
"db": "XF",
"id": "41503",
"trust": 0.6
},
{
"db": "XF",
"id": "50",
"trust": 0.6
},
{
"db": "IVD",
"id": "077962FC-23CE-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "28406"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"id": "VAR-200803-0395",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
}
]
},
"last_update_date": "2025-04-10T23:01:11.005000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u7a7a\u8abf\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/hvac_r/conditioning/products/control/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/28406"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/483862/2008-03-21/threaded"
},
{
"trust": 1.6,
"url": "http://securityreason.com/securityalert/3794"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41503"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/489970/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1546"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1546"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41503"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489970/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
},
{
"trust": 0.3,
"url": "/archive/1/489970"
}
],
"sources": [
{
"db": "BID",
"id": "28406"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "28406"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-28T00:00:00",
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"date": "2008-03-22T00:00:00",
"db": "BID",
"id": "28406"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"date": "2008-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"date": "2008-03-28T23:44:00",
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-07T17:32:00",
"db": "BID",
"id": "28406"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004278"
},
{
"date": "2009-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-471"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-1546"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric GB-50A Java applet Remote bypass authentication vulnerability",
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design error",
"sources": [
{
"db": "IVD",
"id": "077962fc-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-471"
}
],
"trust": 0.8
}
}
VAR-202311-2162
Vulnerability from variot - Updated: 2025-03-14 22:44
Improper Input Validation vulnerability in the simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. There is an input validation vulnerability in Mitsubishi Electric's GX Works2; service operation may be interrupted (DoS). Mitsubishi Electric GX Works2 is a programmable controller from Mitsubishi Electric of Japan.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202311-2162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gx works2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "gx works2",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "gx works2",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "electric mitsubishi electric gx works2",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00208"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026370"
},
{
"db": "NVD",
"id": "CVE-2023-5275"
}
]
},
"cve": "CVE-2023-5275",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 1.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"id": "CNVD-2024-00208",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.0,
"id": "CVE-2023-5275",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.0,
"id": "CVE-2023-5275",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-5275",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-5275",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"id": "CVE-2023-5275",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2023-5275",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-00208",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00208"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026370"
},
{
"db": "NVD",
"id": "CVE-2023-5275"
},
{
"db": "NVD",
"id": "CVE-2023-5275"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Mitsubishi Electric\u0027s GX Works2 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric GX Works2 is a programmable controller from Mitsubishi Electric of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5275"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026370"
},
{
"db": "CNVD",
"id": "CNVD-2024-00208"
},
{
"db": "VULMON",
"id": "CVE-2023-5275"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-5275",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-23-331-03",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU98760962",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026370",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-00208",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-5275",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00208"
},
{
"db": "VULMON",
"id": "CVE-2023-5275"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026370"
},
{
"db": "NVD",
"id": "CVE-2023-5275"
}
]
},
"id": "VAR-202311-2162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00208"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00208"
}
]
},
"last_update_date": "2025-03-14T22:44:38.765000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Mitsubishi Electric GX Works2 Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/513036"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00208"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-026370"
},
{
"db": "NVD",
"id": "CVE-2023-5275"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf"
},
{
"trust": 2.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-03"
},
{
"trust": 1.9,
"url": "https://jvn.jp/vu/jvnvu98760962/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5275"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00208"
},
{
"db": "VULMON",
"id": "CVE-2023-5275"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026370"
},
{
"db": "NVD",
"id": "CVE-2023-5275"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-00208"
},
{
"db": "VULMON",
"id": "CVE-2023-5275"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026370"
},
{
"db": "NVD",
"id": "CVE-2023-5275"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-00208"
},
{
"date": "2023-11-30T00:00:00",
"db": "VULMON",
"id": "CVE-2023-5275"
},
{
"date": "2024-07-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-026370"
},
{
"date": "2023-11-30T05:15:10.400000",
"db": "NVD",
"id": "CVE-2023-5275"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-00208"
},
{
"date": "2023-11-30T00:00:00",
"db": "VULMON",
"id": "CVE-2023-5275"
},
{
"date": "2024-07-17T01:59:00",
"db": "JVNDB",
"id": "JVNDB-2023-026370"
},
{
"date": "2023-12-05T18:18:37.050000",
"db": "NVD",
"id": "CVE-2023-5275"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric\u0027s \u00a0GX\u00a0Works2\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-026370"
}
],
"trust": 0.8
}
}
VAR-202311-2161
Vulnerability from variot - Updated: 2025-03-14 22:44
Improper Input Validation vulnerability in the simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. There is an input validation vulnerability in Mitsubishi Electric's GX Works2; service operation may be interrupted (DoS). Mitsubishi Electric GX Works2 is a programmable controller of Mitsubishi Electric Corporation of Japan.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202311-2161",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gx works2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "gx works2",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "gx works2",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "electric mitsubishi electric gx works2",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00209"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026369"
},
{
"db": "NVD",
"id": "CVE-2023-5274"
}
]
},
"cve": "CVE-2023-5274",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 1.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"id": "CNVD-2024-00209",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.0,
"id": "CVE-2023-5274",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.0,
"id": "CVE-2023-5274",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-5274",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-5274",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"id": "CVE-2023-5274",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2023-5274",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-00209",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00209"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026369"
},
{
"db": "NVD",
"id": "CVE-2023-5274"
},
{
"db": "NVD",
"id": "CVE-2023-5274"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Mitsubishi Electric\u0027s GX Works2 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric GX Works2 is a programmable controller of Mitsubishi Electric Corporation of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5274"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026369"
},
{
"db": "CNVD",
"id": "CNVD-2024-00209"
},
{
"db": "VULMON",
"id": "CVE-2023-5274"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-5274",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-23-331-03",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU98760962",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026369",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-00209",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-5274",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00209"
},
{
"db": "VULMON",
"id": "CVE-2023-5274"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026369"
},
{
"db": "NVD",
"id": "CVE-2023-5274"
}
]
},
"id": "VAR-202311-2161",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00209"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00209"
}
]
},
"last_update_date": "2025-03-14T22:44:38.741000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Mitsubishi Electric GX Works2 Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/513041"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00209"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-026369"
},
{
"db": "NVD",
"id": "CVE-2023-5274"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf"
},
{
"trust": 2.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-03"
},
{
"trust": 1.9,
"url": "https://jvn.jp/vu/jvnvu98760962/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5274"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-00209"
},
{
"db": "VULMON",
"id": "CVE-2023-5274"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026369"
},
{
"db": "NVD",
"id": "CVE-2023-5274"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-00209"
},
{
"db": "VULMON",
"id": "CVE-2023-5274"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-026369"
},
{
"db": "NVD",
"id": "CVE-2023-5274"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-00209"
},
{
"date": "2023-11-30T00:00:00",
"db": "VULMON",
"id": "CVE-2023-5274"
},
{
"date": "2024-07-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-026369"
},
{
"date": "2023-11-30T05:15:09.983000",
"db": "NVD",
"id": "CVE-2023-5274"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-00209"
},
{
"date": "2023-11-30T00:00:00",
"db": "VULMON",
"id": "CVE-2023-5274"
},
{
"date": "2024-07-17T01:59:00",
"db": "JVNDB",
"id": "JVNDB-2023-026369"
},
{
"date": "2023-12-05T18:20:39.937000",
"db": "NVD",
"id": "CVE-2023-5274"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric\u0027s \u00a0GX\u00a0Works2\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-026369"
}
],
"trust": 0.8
}
}
VAR-202410-3650
Vulnerability from variot - Updated: 2024-12-05 20:26
Mitsubishi PLC FX5UJ is a micro programmable controller.
Mitsubishi Electric Mitsubishi PLC FX5UJ has a buffer overflow vulnerability. Attackers can exploit this vulnerability to modify the length field of the transmission control program data packet, causing the workstation to be unable to read the control program content.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-3650",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric mitsubishi plc fx5uj",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45604"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-45604",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2024-45604",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45604"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi PLC FX5UJ is a micro programmable controller.\n\nMitsubishi Electric Mitsubishi PLC FX5UJ has a buffer overflow vulnerability. Attackers can exploit this vulnerability to modify the length field of the transmission control program data packet, causing the workstation to be unable to read the control program content.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45604"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-45604",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45604"
}
]
},
"id": "VAR-202410-3650",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45604"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45604"
}
]
},
"last_update_date": "2024-12-05T20:26:29.251000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-45604"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-45604"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-45604"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric Mitsubishi PLC FX5UJ has a buffer overflow vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45604"
}
],
"trust": 0.6
}
}
VAR-201911-1188
Vulnerability from variot - Updated: 2024-11-23 23:04
In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. The FTP server function of the MELSEC-Q series CPU units and MELSEC-L series CPU units provided by Mitsubishi Electric Corporation has a resource exhaustion vulnerability (CWE-400). The product's FTP server function may enter a denial-of-service (DoS) state. This vulnerability information was reported to JPCERT/CC by the developer for the purpose of disseminating it to product users; JPCERT/CC coordinated with the developer. When the product's FTP server function enters a denial-of-service (DoS) state, FTP clients will not be able to connect to the FTP server. According to the developer, the vulnerability affects only the FTP server function. The Mitsubishi Electric MELSEC-Q Series is a MELSEC-Q series programmable logic controller from Mitsubishi Electric Corporation of Japan. The Mitsubishi MELSEC-L Series is a MELSEC-L series programmable logic controller from Mitsubishi Corporation of Japan.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1188",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "l26cpu-bt-cm",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "l02\\/06\\/26cpu-cm",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "l02\\/06\\/26cpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "l26cpu-bt",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "l02\\/06\\/26cpu-p",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "q03udecpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21081"
},
{
"model": "l26cpu-pbt",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "q03\\/04\\/06\\/13\\/26udvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21081"
},
{
"model": "q04\\/06\\/13\\/26udpvcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21081"
},
{
"model": "q04\\/06\\/10\\/13\\/20\\/26\\/50\\/100udehcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "21081"
},
{
"model": "melsec-l series cpu unit",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l02/06/26cpu"
},
{
"model": "melsec-l series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l26cpu-bt ( top serial number 5 digits 21101 )"
},
{
"model": "melsec-l series cpu unit",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l02/06/26cpu-cm"
},
{
"model": "melsec-l series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l26cpu-bt-cm ( top serial number 5 digits 21101 )"
},
{
"model": "melsec-l series cpu unit",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l02/06/26cpu-p"
},
{
"model": "melsec-l series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "l26cpu-pbt ( top serial number 5 digits 21101 )"
},
{
"model": "melsec-q series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "q03/04/06/13/26udvcpu ( top serial number 5 digits 21081 )"
},
{
"model": "melsec-q series cpu unit",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "q03udecpu"
},
{
"model": "melsec-q series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "q04/06/10/13/20/26/50/100udehcpu ( top serial number 5 digits 21081 )"
},
{
"model": "melsec-q series cpu unit",
"scope": "lte",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "q04/06/13/26udpvcpu ( top serial number 5 digits 21081 )"
},
{
"model": "electric mitsubishi electric melsec-q series \u003c=q03/04/06/13/26udvcpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21081"
},
{
"model": "electric mitsubishi electric melsec-q series \u003c=q04/06/13/26udpvcpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21081"
},
{
"model": "electric mitsubishi electric melsec-q series \u003c=q03udecpu q04/06/10/13/20/26/50/100udehcpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21081"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l26cpu-bt",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu-p",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l26cpu-pbt",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu-cm",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l26cpu-bt-cm",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "21101"
},
{
"model": "l26cpu-bt",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "l26cpu-bt",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "l26cpu-pbt",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": "21101"
},
{
"model": "q03udecpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "q03udecpu",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishielectric",
"version": "21081"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "q03 04 06 13 26udvcpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l26cpu bt cm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "q04 06 13 26udpvcpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "q03udecpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "q04 06 10 13 20 26 50 100udehcpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l02 06 26cpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l26cpu bt",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l02 06 26cpu p",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l26cpu pbt",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "l02 06 26cpu cm",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec-l_series_cpu_unit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec-q_series_cpu_unit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
}
]
},
"cve": "CVE-2019-13555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-13555",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-011686",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-41428",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2019-13555",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-011686",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13555",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2019-011686",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-41428",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-424",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-13555",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. Provided by Mitsubishi Electric Corporation MELSEC-Q series CPU Unit and MELSEC-L series CPU Unit FTP The server function has a resource exhaustion vulnerability (CWE-400) Exists. Of the product FTP Server function interferes with service operation (DoS) It may be in a state. This vulnerability information is used by developers for the purpose of disseminating to product users. JPCERT/CC To report to JPCERT/CC Coordinated with the developer.Of the product FTP Server function interferes with service operation (DoS) By becoming a state, FTP The client FTP You will not be able to connect to the server. According to the developer, the vulnerability affects FTP It is only a server function. The Mitsubishi Electric MELSEC-Q Series is a MELSEC-Q series programmable logic controller from Mitsubishi Electric Corporation of Japan. The Mitsubishi MELSEC-L Series is a MELSEC-L series programmable logic controller from Mitsubishi Corporation of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13555"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "VULMON",
"id": "CVE-2019-13555"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13555",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-311-01",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2019-41428",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97094124",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4209",
"trust": 0.6
},
{
"db": "IVD",
"id": "00D06E5F-E8D7-433D-9E94-3FF51C3E39B6",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-13555",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"id": "VAR-201911-1188",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
}
],
"trust": 1.7375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
}
]
},
"last_update_date": "2024-11-23T23:04:35.531000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC-Q\u30b7\u30ea\u30fc\u30baCPU\u3001\u304a\u3088\u3073MELSEC-L\u30b7\u30ea\u30fc\u30baCPU\u306b\u304a\u3051\u308bFTP\u30b5\u30fc\u30d0\u6a5f\u80fd\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-002.pdf"
},
{
"title": "Patch for Mitsubishi Electric MELSEC-Q Series and Mitsubishi MELSEC-L Series Resource Management Error Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191107"
},
{
"title": "Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103038"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13555"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13555"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu97094124"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4209/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"date": "2019-11-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"date": "2019-11-13T23:15:11.327000",
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41428"
},
{
"date": "2019-11-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13555"
},
{
"date": "2019-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011686"
},
{
"date": "2019-11-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-424"
},
{
"date": "2024-11-21T04:25:08.387000",
"db": "NVD",
"id": "CVE-2019-13555"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC-Q series CPU Unit and MELSEC-L series CPU Unit FTP Server function resource exhaustion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011686"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-424"
}
],
"trust": 0.8
}
}
VAR-202006-0119
Vulnerability from variot - Updated: 2024-11-23 23:04
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. MELSEC iQ-R series units provided by Mitsubishi Electric Corporation contain a resource exhaustion vulnerability (CWE-400). This vulnerability information is provided by the developer for the purpose of making it known to product users; it was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer. When a malicious packet is received from a remote third party, Ethernet port communication may enter a denial-of-service (DoS) state. A reset is required for recovery. The Mitsubishi Electric MELSEC iQ-R series is a programmable logic controller manufactured by Mitsubishi Electric, Japan.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0119",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec iq-r08pcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-rj71en71",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r01cpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "7"
},
{
"model": "melsec iq-r00cpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "7"
},
{
"model": "melsec iq-r08fcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20"
},
{
"model": "melsec iq-r120pcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r04cpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "39"
},
{
"model": "melsec iq-r08cpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "39"
},
{
"model": "melsec iq-r16cpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "39"
},
{
"model": "melsec iq-r16fcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20"
},
{
"model": "melsec iq-r16pcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r32sfcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r120fcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20"
},
{
"model": "melsec iq-r02cpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "7"
},
{
"model": "melsec iq-r32fcpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20"
},
{
"model": "melsec iq-r16sfcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r32cpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "39"
},
{
"model": "melsec iq-r32pcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r120cpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "39"
},
{
"model": "melsec iq-r08sfcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r120sfcpu",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
"scope": "lte",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "melsec iq-r series r00/01/02cpu firmware version \"7\" and earlier"
},
{
"model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
"scope": "lte",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "melsec iq-r series r04/08/16/32/120cpu , r04/08/16/32/120encpu firmware version \"39\" and earlier"
},
{
"model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
"scope": "lte",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "melsec iq-r series r08/16/32/120sfcpu firmware version \"20 \" and earlier"
},
{
"model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
"scope": "lte",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "melsec iq-r series r08/16/32/120pcpu firmware version \" 24 \" and earlier"
},
{
"model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
"scope": "lte",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "melsec iq-r series r08/16/32/120psfcpu firmware version \" 05 \" and earlier"
},
{
"model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
"scope": "lte",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "melsec iq-r series rj71en71 firmware version \" 49 \" and earlier"
},
{
"model": "electric r04/08/16/32/120encpu",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "\u003c=39"
},
{
"model": "electric r00/01/02cpu",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "\u003c=7"
},
{
"model": "electric r08/16/32/120sfcpu",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "\u003c=20"
},
{
"model": "electric r08/16/32/120pcpu",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric r08/16/32/120psfcpu",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric rj71en71",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric r04/08/16/32/120cpu",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "\u003c=39"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46803"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005243"
},
{
"db": "NVD",
"id": "CVE-2020-13238"
}
]
},
"cve": "CVE-2020-13238",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-13238",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005243",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46803",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-13238",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005243",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13238",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2020-005243",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-46803",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-827",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-13238",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46803"
},
{
"db": "VULMON",
"id": "CVE-2020-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005243"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-827"
},
{
"db": "NVD",
"id": "CVE-2020-13238"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Resource exhaustion vulnerabilities in series units (CWE-400) Exists This vulnerability information is provided by the developer for the purpose of making it known to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.When a malicious packet is received from a remote third party, Ethernet Port communication interferes with service operation (DoS) It may be in a state. A reset is required for recovery. Misubishi Electric MELSEC iQ-R series is a programmable logic controller manufactured by Misubishi Electric, Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005243"
},
{
"db": "CNVD",
"id": "CNVD-2020-46803"
},
{
"db": "VULMON",
"id": "CVE-2020-13238"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-161-02",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2020-13238",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU97662844",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005243",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-46803",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2013",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-827",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-13238",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46803"
},
{
"db": "VULMON",
"id": "CVE-2020-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005243"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-827"
},
{
"db": "NVD",
"id": "CVE-2020-13238"
}
]
},
"id": "VAR-202006-0119",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46803"
}
],
"trust": 1.5375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46803"
}
]
},
"last_update_date": "2024-11-23T23:04:23.619000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC\u00a0iQ-R Of the series Ethernet Denial of service on port (DoS) Vulnerability",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-001.pdf"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yossireuven/Publications "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005243"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "Resource exhaustion (CWE-400) [JPCERT/CC Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005243"
},
{
"db": "NVD",
"id": "CVE-2020-13238"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-02"
},
{
"trust": 2.5,
"url": "http://jvn.jp/vu/jvnvu97662844/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-001_en.pdf"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13238"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2013/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-02"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/yossireuven/publications"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46803"
},
{
"db": "VULMON",
"id": "CVE-2020-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005243"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-827"
},
{
"db": "NVD",
"id": "CVE-2020-13238"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46803"
},
{
"db": "VULMON",
"id": "CVE-2020-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005243"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-827"
},
{
"db": "NVD",
"id": "CVE-2020-13238"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46803"
},
{
"date": "2020-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13238"
},
{
"date": "2020-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005243"
},
{
"date": "2020-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-827"
},
{
"date": "2020-06-10T20:15:14.140000",
"db": "NVD",
"id": "CVE-2020-13238"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46803"
},
{
"date": "2020-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13238"
},
{
"date": "2021-04-21T04:58:00",
"db": "JVNDB",
"id": "JVNDB-2020-005243"
},
{
"date": "2020-11-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-827"
},
{
"date": "2024-11-21T05:00:51.327000",
"db": "NVD",
"id": "CVE-2020-13238"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-827"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric \u00a0MELSEC\u00a0iQ-R\u00a0 Of the series \u00a0Ethernet\u00a0 Port resource exhaustion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005243"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-827"
}
],
"trust": 0.6
}
}
VAR-202006-1511
Vulnerability from variot - Updated: 2024-11-23 22:33
All versions of Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. The Mitsubishi Electric MELSEC iQ-R series and the other listed series are programmable logic controllers made by Mitsubishi Electric of Japan.
Security vulnerabilities exist in many Mitsubishi Electric products. They stem from the use of cleartext communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop on or tamper with communication data, perform unauthorized operations, and cause a denial of service.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "melsec-q",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec-l",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-f",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec iq-r",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "melsec fx series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec iq-f series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec iq-r series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec l series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "melsec q series",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
},
{
"model": "electric melsec fx",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec iq-r",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec iq-f",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec q",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric melsec l",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_fx_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shunkai Zhu , Rongkuan Ma , Peng Cheng from NESC Lab of Zhejiang University",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
},
"cve": "CVE-2020-5594",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5594",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46802",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5594",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 10,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005854",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5594",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-005854",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46802",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1590",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-5594",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric) company. \n\r\n\r\nThere are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5594",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU91424496",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-175-01",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46802",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2176",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5594",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"id": "VAR-202006-1511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
}
],
"trust": 1.3499999919999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
}
]
},
"last_update_date": "2024-11-23T22:33:25.234000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELSEC iQ-R\u3001iQ-F\u3001Q\u3001L\u3001FX\u30b7\u30ea\u30fc\u30ba \u306eCPU\u30e6\u30cb\u30c3\u30c8\u3068GX Works3\u304a\u3088\u3073GX Works2\u9593\u306e\u901a\u4fe1\u306b\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u60c5\u5831\u6539\u3056\u3093\u3001\u4e0d\u6b63\u64cd\u4f5c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/en/vu/jvnvu91424496/index.html"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5594"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91424496"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5594"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-005854.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2176/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"date": "2020-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"date": "2020-06-23T08:15:10.487000",
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46802"
},
{
"date": "2020-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5594"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005854"
},
{
"date": "2020-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1590"
},
{
"date": "2024-11-21T05:34:19.893000",
"db": "NVD",
"id": "CVE-2020-5594"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC iQ-R , iQ-F , Q , L , FX Of the series CPU With the unit GX Works3 and GX Works2 Vulnerability in plaintext communication between",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005854"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1590"
}
],
"trust": 0.6
}
}
VAR-201905-1060
Vulnerability from variot - Updated: 2024-11-23 22:21
In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. A denial-of-service (DoS) vulnerability (CWE-400) exists in the FTP function of the MELSEC-Q series Ethernet interface unit provided by Mitsubishi Electric Corporation. The Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 is an Ethernet module from Japan's Mitsubishi Electric. A remote denial-of-service vulnerability exists in Mitsubishi Electric MELSEC-Q Series PLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The following MELSEC-Q series PLCs are affected: QJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "qj71e71-100",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20121"
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "( above the serial number 5 digits 20121 previous version )"
},
{
"model": "electric melsec-q series plcs j71e71-100 serial number",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "\u003c=20121"
},
{
"model": "electric qj71e71-100",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20121"
},
{
"model": "electric qj71e71-100",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "18072"
},
{
"model": "electric qj71e71-100",
"scope": "ne",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20122"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Younes Dragoni and Alessandro Di Pinto of Nozomi Networks,Younes Dragoni and Alessandro Di Pinto of Nozomi Networks reported this vulnerability to Mitsubishi and NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10977",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-10977",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-003963",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-16527",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-142577",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-10977",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-003963",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10977",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2019-003963",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-16527",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-839",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142577",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan\u0027s Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThe following MELSEC-Q series PLCs are affected:\nQJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10977"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "VULHUB",
"id": "VHN-142577"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10977",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-141-02",
"trust": 2.8
},
{
"db": "BID",
"id": "108419",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU93268101",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-16527",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1867",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142577",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"id": "VAR-201905-1060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
}
]
},
"last_update_date": "2024-11-23T22:21:37.107000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u304a\u554f\u3044\u5408\u308f\u305b | \u4e09\u83f1\u96fb\u6a5f FA",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/fa/support/purchase/index.html"
},
{
"title": "Patch for MitsubishiElectricMELSEC-QSeriesPLCs Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/163035"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-755",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/108419"
},
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-141-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10977"
},
{
"trust": 0.9,
"url": "http://www.mitsubishi-automation.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10977"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93268101/"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-10977"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1867/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"date": "2019-05-23T00:00:00",
"db": "VULHUB",
"id": "VHN-142577"
},
{
"date": "2019-05-21T00:00:00",
"db": "BID",
"id": "108419"
},
{
"date": "2019-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"date": "2019-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"date": "2019-05-23T14:29:07.610000",
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-142577"
},
{
"date": "2019-05-21T00:00:00",
"db": "BID",
"id": "108419"
},
{
"date": "2019-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-839"
},
{
"date": "2024-11-21T04:20:16.957000",
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC-Q series Ethernet Service operation interruption in the interface unit (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
],
"trust": 0.6
}
}
VAR-202003-1417
Vulnerability from variot - Updated: 2024-11-23 22:16
Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. The device may be put into a denial-of-service (DoS) state. Mitsubishi Electric MELQIC IU1 is an IU1 series data collection analyzer of Mitsubishi Electric Corporation of Japan.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iu1-1m20-d",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.0.7"
},
{
"model": "iu1-1m20-d",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "1.0.7"
},
{
"model": "electric melqic iu1",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "\u003c=1.0.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:iu1-1m20-d_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
}
]
},
"cve": "CVE-2020-5544",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5544",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003078",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19568",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5544",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003078",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5544",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-003078",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-19568",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1005",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. (DoS) It may be put into a state. Mitsubishi Electric MELQIC IU1 is a IU1 series data collection analyzer of Mitsubishi Electric Corporation of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5544"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNVD",
"id": "CNVD-2020-19568"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5544",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU92370624",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-19568",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"id": "VAR-202003-1417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
}
]
},
"last_update_date": "2024-11-23T22:16:36.325000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MELQIC IU1 \u30b7\u30ea\u30fc\u30ba\u306eTCP/IP \u30b9\u30bf\u30c3\u30af\u306b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf"
},
{
"title": "Patch for Mitsubishi Electric MELQIC IU1 TCP function code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/210995"
},
{
"title": "Mitsubishi Electric MELQIC IU1 TCP Measures to fix bugs in function code problems",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112427"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://jvn.jp/en/vu/jvnvu92370624/index.html"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5544"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92370624/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5544"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"date": "2020-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"date": "2020-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"date": "2020-03-16T02:15:10.997000",
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"date": "2020-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003078"
},
{
"date": "2020-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1005"
},
{
"date": "2024-11-21T05:34:14.890000",
"db": "NVD",
"id": "CVE-2020-5544"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MELQIC IU1 TCP function code issue vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19568"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1005"
}
],
"trust": 0.6
}
}
VAR-202007-1433
Vulnerability from variot - Updated: 2024-11-23 22:11
A specially crafted WCF client that interfaces to the affected software may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the current process.
There is a code injection vulnerability in Mitsubishi Electric MC Works64 4.02C (10.95.208.31) and previous versions and in MC Works32 version 3.00A (9.50.255.02). Remote attackers can use a specially crafted message to exploit this vulnerability to execute arbitrary SQL commands and to leak or tamper with internal data. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "electric mc works64 \u003c=4.02c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi",
"version": "(10.95.208.31)"
},
{
"_id": null,
"model": "energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mc works64",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.208.31"
},
{
"_id": null,
"model": "mobilehmi",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "facility analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mc works32",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "9.50.255.02"
},
{
"_id": null,
"model": "genesis64",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "quality analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "hyper historian",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "smart energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "(9.50.255.02)"
},
{
"_id": null,
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.4,
"vendor": "mitsubishi",
"version": "(9.50.255.02)*"
}
],
"sources": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"db": "NVD",
"id": "CVE-2020-12013"
}
]
},
"credits": {
"_id": null,
"data": "Ben McBride",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-779"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12013",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12013",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34370",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12013",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12013",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12013",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2020-12013",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-34370",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1207",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1207"
},
{
"db": "NVD",
"id": "CVE-2020-12013"
}
]
},
"description": {
"_id": null,
"data": "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the current process. \n\r\n\r\nThere is a code injection vulnerability in Mitsubishi Electric MC Works64 4.02C (10.95.208.31) and previous versions and MC Works32 3.00A (9.50.255.02) version, remote attackers can use the specially crafted message to exploit this vulnerability to execute arbitrary SQL commands and leak, tamper with internal data. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12013"
},
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
}
],
"trust": 2.43
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12013",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-02",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-03",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-20-779",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34370",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1207",
"trust": 1.0
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10288",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2147",
"trust": 0.6
},
{
"db": "IVD",
"id": "619034F0-2A16-43EB-8D34-F889BD91A2AF",
"trust": 0.2
},
{
"db": "IVD",
"id": "E2B262E1-E8A9-471A-A771-486F23CD118B",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1207"
},
{
"db": "NVD",
"id": "CVE-2020-12013"
}
]
},
"id": "VAR-202007-1433",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
}
],
"trust": 1.78927874
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
}
]
},
"last_update_date": "2024-11-23T22:11:26.821000Z",
"patch": {
"_id": null,
"data": [
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/222939"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
},
{
"problemtype": "CWE-94",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12013"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-779/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12013"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-779"
},
{
"db": "CNVD",
"id": "CNVD-2020-34370"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1207"
},
{
"db": "NVD",
"id": "CVE-2020-12013"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
"ident": null
},
{
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-779",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-34370",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1207",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12013",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
"ident": null
},
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
"ident": null
},
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-779",
"ident": null
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34370",
"ident": null
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1207",
"ident": null
},
{
"date": "2020-07-16T22:15:11.417000",
"db": "NVD",
"id": "CVE-2020-12013",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-779",
"ident": null
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34370",
"ident": null
},
{
"date": "2021-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1207",
"ident": null
},
{
"date": "2024-11-21T04:59:06.937000",
"db": "NVD",
"id": "CVE-2020-12013",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1207"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "ICONICS Genesis64 TestQuery SQL Injection Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-779"
}
],
"trust": 0.7
},
"type": {
"_id": null,
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1207"
}
],
"trust": 0.6
}
}
VAR-202007-0207
Vulnerability from variot - Updated: 2024-11-23 22:11
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Mitsubishi Electric MC Works64 and MC Works32 are data acquisition and monitoring (SCADA) systems from Japan's Mitsubishi Electric. This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0207",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric mc works64 \u003c=4.02c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi",
"version": "(10.95.208.31)"
},
{
"model": "energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mc works",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.208.31"
},
{
"model": "mobilehmi",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "facility analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mc works32",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "9.50.255.02"
},
{
"model": "genesis64",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "quality analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "hyper historian",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "smart energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
},
{
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "(9.50.255.02)"
},
{
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.4,
"vendor": "mitsubishi",
"version": "(9.50.255.02)*"
}
],
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "NVD",
"id": "CVE-2020-12011"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tobias Scharnowski, Niklas Breitfeld, and Ali Abbasi",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-778"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12011",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12011",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2020-34373",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "2e91579b-642f-4242-83f1-d1d890cc5345",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "213f4b05-e0a3-4f65-b456-b752579d9402",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12011",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12011",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12011",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2020-12011",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-34373",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1210",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
},
{
"db": "NVD",
"id": "CVE-2020-12011"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12011"
},
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12011",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-02",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-03",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-20-778",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34373",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210",
"trust": 1.0
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10274",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2147",
"trust": 0.6
},
{
"db": "IVD",
"id": "2E91579B-642F-4242-83F1-D1D890CC5345",
"trust": 0.2
},
{
"db": "IVD",
"id": "213F4B05-E0A3-4F65-B456-B752579D9402",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
},
{
"db": "NVD",
"id": "CVE-2020-12011"
}
]
},
"id": "VAR-202007-0207",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
}
],
"trust": 1.78927874
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
}
]
},
"last_update_date": "2024-11-23T22:11:26.786000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/222929"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12011"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-778/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12011"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
},
{
"db": "NVD",
"id": "CVE-2020-12011"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
},
{
"db": "NVD",
"id": "CVE-2020-12011"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1210"
},
{
"date": "2020-07-16T19:15:11.830000",
"db": "NVD",
"id": "CVE-2020-12011"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-778"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34373"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1210"
},
{
"date": "2024-11-21T04:59:06.677000",
"db": "NVD",
"id": "CVE-2020-12011"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(Pwn2Own) ICONICS Genesis64 VariantClear Out-Of-Bounds Access Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-778"
}
],
"trust": 0.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "2e91579b-642f-4242-83f1-d1d890cc5345"
},
{
"db": "IVD",
"id": "213f4b05-e0a3-4f65-b456-b752579d9402"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1210"
}
],
"trust": 1.0
}
}
VAR-202007-0206
Vulnerability from variot - Updated: 2024-11-23 22:11
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PKGX files. When parsing the WbPackAndGoSettings element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "electric mc works64 \u003c=4.02c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi",
"version": "(10.95.208.31)"
},
{
"_id": null,
"model": "energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mc works",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.208.31"
},
{
"_id": null,
"model": "mobilehmi",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "facility analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mc works32",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "9.50.255.02"
},
{
"_id": null,
"model": "genesis64",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "quality analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "hyper historian",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "smart energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "(9.50.255.02)"
},
{
"_id": null,
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.4,
"vendor": "mitsubishi",
"version": "(9.50.255.02)*"
}
],
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"db": "NVD",
"id": "CVE-2020-12009"
}
]
},
"credits": {
"_id": null,
"data": "Team FLASHBACK: Pedro Ribeiro (pedrib@gmail.com|@pedrib1337) and Radek Domanski (@RabbitPro)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-777"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12009",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12009",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34371",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12009",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12009",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12009",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2020-12009",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-34371",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1208",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208"
},
{
"db": "NVD",
"id": "CVE-2020-12009"
}
]
},
"description": {
"_id": null,
"data": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PKGX files. When parsing the WbPackAndGoSettings element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12009"
},
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
}
],
"trust": 2.43
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12009",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-02",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-03",
"trust": 1.6
},
{
"db": "ZDI",
"id": "ZDI-20-777",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34371",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208",
"trust": 1.0
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10272",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2147",
"trust": 0.6
},
{
"db": "IVD",
"id": "D97CB3A1-CB5E-4BB3-B9B8-62A73DD1F132",
"trust": 0.2
},
{
"db": "IVD",
"id": "2AEA7BB9-A918-4CCF-A751-B9794DF3809B",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208"
},
{
"db": "NVD",
"id": "CVE-2020-12009"
}
]
},
"id": "VAR-202007-0206",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
}
],
"trust": 1.78927874
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
}
]
},
"last_update_date": "2024-11-23T22:11:26.751000Z",
"patch": {
"_id": null,
"data": [
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 Code Issue Vulnerability (CNVD-2020-34371)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/222935"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12009"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 1.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-777/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12009"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-777"
},
{
"db": "CNVD",
"id": "CNVD-2020-34371"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208"
},
{
"db": "NVD",
"id": "CVE-2020-12009"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
"ident": null
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-777",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-34371",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12009",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
"ident": null
},
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
"ident": null
},
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-777",
"ident": null
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34371",
"ident": null
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1208",
"ident": null
},
{
"date": "2020-07-16T20:15:11.057000",
"db": "NVD",
"id": "CVE-2020-12009",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-777",
"ident": null
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34371",
"ident": null
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1208",
"ident": null
},
{
"date": "2024-11-21T04:59:06.433000",
"db": "NVD",
"id": "CVE-2020-12009",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1208"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "(Pwn2Own) ICONICS Genesis64 PKGX WbPackAndGoSettings Absolute Path Traversal Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-777"
}
],
"trust": 0.7
},
"type": {
"_id": null,
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
},
{
"db": "IVD",
"id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1208"
}
],
"trust": 1.0
}
}
VAR-202007-0208
Vulnerability from variot - Updated: 2024-11-23 22:11
This entry combines descriptions from several sources (NVD, JVNDB, ZDI, CNVD, IVD), so the impact statements below differ between denial of service and code execution. A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to deserialization of untrusted data. Service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are data acquisition and monitoring (SCADA) systems from Japan's Mitsubishi Electric. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "electric mc works64 \u003c=4.02c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi",
"version": "(10.95.208.31)"
},
{
"_id": null,
"model": "energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mc works",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.208.31"
},
{
"_id": null,
"model": "mobilehmi",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "facility analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mc works32",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "9.50.255.02"
},
{
"_id": null,
"model": "genesis64",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "quality analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "hyper historian",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "smart energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "bizviz",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "energy analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "facility analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "genesis 64",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "genesis32",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "hyper historian",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mobilehmi",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "quality analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "smart energy analytix",
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "mc works",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "64"
},
{
"_id": null,
"model": "mc works 32",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"_id": null,
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
},
{
"_id": null,
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "(9.50.255.02)"
},
{
"_id": null,
"model": "electric mc works32 3.00a",
"scope": "eq",
"trust": 0.4,
"vendor": "mitsubishi",
"version": "(9.50.255.02)*"
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:iconics:bizviz",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:energy_analytix",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:facility_analytix",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:genesis64",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:genesis32",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:hyper_historian",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:mobilehmi",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:quality_analytix",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:iconics:smart_energy_analytix",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:mc_works",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mitsubishielectric:mc_works32",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
}
]
},
"credits": {
"_id": null,
"data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-780"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12015",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12015",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008308",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34372",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "31ad87c7-757e-410a-89c6-906cc763b446",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12015",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008308",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12015",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12015",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-008308",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-12015",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-34372",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1209",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"description": {
"_id": null,
"data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
}
],
"trust": 3.15
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12015",
"trust": 4.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-02",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-03",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-20-780",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34372",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU95379131",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10297",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2147",
"trust": 0.6
},
{
"db": "IVD",
"id": "4BDA61CA-BD50-4B09-A018-05EA35FF2332",
"trust": 0.2
},
{
"db": "IVD",
"id": "31AD87C7-757E-410A-89C6-906CC763B446",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"id": "VAR-202007-0208",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
}
],
"trust": 1.78927874
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
}
]
},
"last_update_date": "2024-11-23T22:11:26.711000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://iconics.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/"
},
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/222933"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 2.3,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12015"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12015"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95379131/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-780/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-780"
},
{
"db": "CNVD",
"id": "CNVD-2020-34372"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
},
{
"db": "NVD",
"id": "CVE-2020-12015"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
"ident": null
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-780",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-34372",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008308",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12015",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
"ident": null
},
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446",
"ident": null
},
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-780",
"ident": null
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34372",
"ident": null
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008308",
"ident": null
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1209",
"ident": null
},
{
"date": "2020-07-16T22:15:11.493000",
"db": "NVD",
"id": "CVE-2020-12015",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-780",
"ident": null
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34372",
"ident": null
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008308",
"ident": null
},
{
"date": "2020-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1209",
"ident": null
},
{
"date": "2024-11-21T04:59:07.153000",
"db": "NVD",
"id": "CVE-2020-12015",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Unreliable data deserialization vulnerabilities in multiple MC products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008308"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
},
{
"db": "IVD",
"id": "31ad87c7-757e-410a-89c6-906cc763b446"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1209"
}
],
"trust": 1.0
}
}
VAR-202007-0205
Vulnerability from variot - Updated: 2024-11-23 22:11
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Mitsubishi Electric MC Works64 is a data acquisition and monitoring (SCADA) system from Japan's Mitsubishi Electric. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric mc works64 \u003c=4.02c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishi",
"version": "(10.95.208.31)"
},
{
"model": "energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mc works",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "10.95.208.31"
},
{
"model": "mobilehmi",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "bizviz",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "facility analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "mc works32",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "9.50.255.02"
},
{
"model": "genesis64",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis32",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "quality analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "hyper historian",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "smart energy analytix",
"scope": "eq",
"trust": 1.0,
"vendor": "iconics",
"version": null
},
{
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "NVD",
"id": "CVE-2020-12007"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yehuda Anikster of Claroty Research",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-776"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12007",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12007",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34369",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12007",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12007",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12007",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2020-12007",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-34369",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1227",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-12007",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
},
{
"db": "NVD",
"id": "CVE-2020-12007"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12007"
},
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "VULMON",
"id": "CVE-2020-12007"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12007",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-02",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-170-03",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-776",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34369",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227",
"trust": 1.0
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10267",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2147",
"trust": 0.6
},
{
"db": "IVD",
"id": "B28667EE-4B0F-4654-BD4F-FBB2C24C795A",
"trust": 0.2
},
{
"db": "IVD",
"id": "36556B9E-B308-4C4F-A8AF-5FCE9F89C31B",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2020-12007",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
},
{
"db": "NVD",
"id": "CVE-2020-12007"
}
]
},
"id": "VAR-202007-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
}
],
"trust": 1.736598425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
}
]
},
"last_update_date": "2024-11-23T22:11:26.672000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"title": "Patch for Mitsubishi Electric MC Works64 code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/222941"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12007"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 1.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2c"
},
{
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12007"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-776/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183626"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
},
{
"db": "NVD",
"id": "CVE-2020-12007"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
},
{
"db": "NVD",
"id": "CVE-2020-12007"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"date": "2020-06-18T00:00:00",
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"date": "2020-07-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1227"
},
{
"date": "2020-07-16T22:15:11.337000",
"db": "NVD",
"id": "CVE-2020-12007"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "ZDI",
"id": "ZDI-20-776"
},
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34369"
},
{
"date": "2020-07-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12007"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1227"
},
{
"date": "2024-11-21T04:59:06.190000",
"db": "NVD",
"id": "CVE-2020-12007"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Electric MC Works64 Code Issue Vulnerability",
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "CNVD",
"id": "CNVD-2020-34369"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
},
{
"db": "IVD",
"id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1227"
}
],
"trust": 1.0
}
}
VAR-202007-1224
Vulnerability from variot - Updated: 2024-11-23 22:05
The TCP/IP function included in the firmware of the Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all graphic operation terminals in the GOT2000 series from Mitsubishi Electric of Japan.
CoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an authorization issue vulnerability. Attackers can use this vulnerability to cause TCP connection failure.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5596",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38410",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5596",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5596",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-38410",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-305",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. \n\r\n\r\nCoreOS Y and previous versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have authorization issue vulnerabilities. Attackers can use this vulnerability to cause TCP connection failure",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-38410"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5596",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-38410",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"id": "VAR-202007-1224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
}
]
},
"last_update_date": "2024-11-23T22:05:45.706000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Multiple Mitsubishi Electric product authorization issues and vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/248851"
},
{
"title": "Multiple Mitsubishi Electric Product Authorization Issue Vulnerability Fixing Measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-384",
"trust": 1.8
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5596"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"date": "2020-07-07T09:15:10.153000",
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38410"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-305"
},
{
"date": "2024-11-21T05:34:20.100000",
"db": "NVD",
"id": "CVE-2020-5596"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the TCP/IP function of the Mitsubishi Electric GOT2000 series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-305"
}
],
"trust": 0.6
}
}
VAR-202007-1223
Vulnerability from variot - Updated: 2024-11-23 22:05
The TCP/IP function included in the firmware of the Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all graphic operation terminals in the GOT2000 series from Mitsubishi Electric of Japan.
CoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5595",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5595",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38411",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5595",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5595",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-38411",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-304",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. \n\r\n\r\nCoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5595"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-38411"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5595",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-38411",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"id": "VAR-202007-1223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
}
]
},
"last_update_date": "2024-11-23T22:05:45.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Buffer overflow vulnerabilities in multiple Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/248901"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5595"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"date": "2020-07-07T09:15:10.057000",
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38411"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-304"
},
{
"date": "2024-11-21T05:34:20",
"db": "NVD",
"id": "CVE-2020-5595"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the TCP/IP function of the Mitsubishi Electric GOT2000 series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-304"
}
],
"trust": 0.6
}
}
VAR-202007-1225
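Vulnerability from variot - Updated: 2024-11-23 22:05
The TCP/IP function included in the firmware of the Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. The Mitsubishi Electric GT27 and related models are graphic operation terminals in the GOT2000 series from Mitsubishi Electric of Japan.
CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a null pointer dereference vulnerability. Attackers can use this vulnerability to cause a denial of service and a device crash. The NVD CVSS 3.1 vector recorded below for CVE-2020-5597 (C:N/I:N/A:H) scores availability impact only; the 9.8 IPA score carries the advisory-wide id JVNDB-2020-006469 and appears to cover the whole advisory rather than this CVE alone. Vendor guidance is in the Mitsubishi Electric advisory 2020-005 and in ICSA-20-189-02, both listed under references below.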
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1225",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5597",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46801",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5597",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5597",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46801",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-306",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a null pointer reference vulnerability. Attackers can use this vulnerability to cause denial of service and device crash",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46801"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5597",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46801",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"id": "VAR-202007-1225",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
}
]
},
"last_update_date": "2024-11-23T22:05:45.653000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Null pointer reference vulnerabilities in multiple Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231106"
},
{
"title": "Multiple Mitsubishi Electric Product code issue vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123231"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5597"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"date": "2020-07-07T09:15:10.230000",
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46801"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-306"
},
{
"date": "2024-11-21T05:34:20.197000",
"db": "NVD",
"id": "CVE-2020-5597"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the TCP/IP function of the Mitsubishi Electric GOT2000 series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-306"
}
],
"trust": 0.6
}
}
VAR-202007-1228
Vulnerability from variot - Updated: 2024-11-23 22:05
The TCP/IP function included in the firmware of the Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. The Mitsubishi Electric GT27 and related models are graphic operation terminals in the GOT2000 series from Mitsubishi Electric of Japan.
CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information. The NVD CVSS 2.0 vector recorded below for CVE-2020-5600 (AV:N/AC:L/Au:N/C:N/I:N/A:P) scores no confidentiality impact, so treat the information-disclosure wording with caution and check it against the vendor advisory.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1228",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5600",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5600",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46798",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5600",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5600",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46798",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-308",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5600"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46798"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5600",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46798",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"id": "VAR-202007-1228",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
}
]
},
"last_update_date": "2024-11-23T22:05:45.626000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Resource management errors and vulnerabilities in multiple Mitsubishi Electric products (CNVD-2020-46798)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231124"
},
{
"title": "Multiple Mitsubishi Electric Product resource management error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124077"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5600"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"date": "2020-07-07T09:15:10.450000",
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46798"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-308"
},
{
"date": "2024-11-21T05:34:20.490000",
"db": "NVD",
"id": "CVE-2020-5600"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-308"
}
],
"trust": 0.6
}
}
VAR-202007-1226
Vulnerability from variot - Updated: 2024-11-23 22:05
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may allow a remote attacker to bypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all GOT2000 series graphical operation terminals from Japan's Mitsubishi Electric.
CoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes. The scores recorded below disagree: NVD's CVSS 3.1 vector for CVE-2020-5598 records integrity impact only (base score 7.5), whereas the IPA score for JVNDB-2020-006469 is 9.8 with high confidentiality, integrity and availability impact, so confirm the impact against the vendor advisory before prioritising.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5598",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5598",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46800",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5598",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5598",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46800",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-307",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-5598",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may allow a remote attacker to bypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5598",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46800",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5598",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"id": "VAR-202007-1226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
}
]
},
"last_update_date": "2024-11-23T22:05:45.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Access control error vulnerabilities in multiple Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231115"
},
{
"title": "Multiple Mitsubishi Electric Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124076"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-88",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.7,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5598"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"date": "2020-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"date": "2020-07-07T09:15:10.307000",
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46800"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5598"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-307"
},
{
"date": "2024-11-21T05:34:20.297000",
"db": "NVD",
"id": "CVE-2020-5598"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-307"
}
],
"trust": 0.6
}
}
VAR-202007-1227
Vulnerability from variot - Updated: 2024-11-23 22:05
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all GOT2000 series graphical operation terminals from Japan's Mitsubishi Electric.
CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25 and GT23 (GOT2000 series) have an injection vulnerability, which can be exploited by attackers to cause a denial of service. Both the NVD and IPA CVSS v3 entries recorded below score this issue 9.8 with high confidentiality, integrity and availability impact, so it should not be triaged as a denial of service only.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coreos",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "y"
},
{
"model": "gt23 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt25 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "gt27 model",
"scope": null,
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "electric gt27 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt25 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
},
{
"model": "electric gt23 model",
"scope": null,
"trust": 0.6,
"vendor": "mitsubishi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
]
},
"cve": "CVE-2020-5599",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5599",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-46799",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5599",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5599",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-006469",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-46799",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-309",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions in Mitsubishi Electric GT27, GT25 and GT23 (GOT2000 series) have an injection vulnerability, which can be exploited by attackers to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5599"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNVD",
"id": "CNVD-2020-46799"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5599",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU95413676",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-46799",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"id": "VAR-202007-1227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
}
],
"trust": 1.54642855
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
}
]
},
"last_update_date": "2024-11-23T22:05:45.546000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
},
{
"title": "Patch for Injection vulnerabilities in many Mitsubishi Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/231121"
},
{
"title": "Multiple Mitsubishi Electric Fixing measures for product injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124078"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-88",
"trust": 1.8
},
{
"problemtype": "CWE-476",
"trust": 0.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
},
{
"trust": 1.6,
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95413676/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5599"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"date": "2020-07-07T09:15:10.370000",
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-46799"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006469"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-309"
},
{
"date": "2024-11-21T05:34:20.397000",
"db": "NVD",
"id": "CVE-2020-5599"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric GOT2000 Of the series TCP/IP Multiple vulnerabilities in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-309"
}
],
"trust": 0.6
}
}
VAR-201804-0783
Vulnerability from variot - Updated: 2024-11-23 22:00
Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The NVD CVSS v3 vector recorded for this entry nevertheless lists user interaction as NONE. The specific flaw exists within processing of a driver configuration file when initializing the BEMicroLogix component. When parsing the property TCP_IP_Address, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "e-designer",
"scope": null,
"trust": 3.5,
"vendor": "mitsubishi electric",
"version": null
},
{
"_id": null,
"model": "e-designer",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishielectric",
"version": "7.52"
},
{
"_id": null,
"model": "e-designer",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "7.52 build 344"
},
{
"_id": null,
"model": "electric europe b.v. e-designer build",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"_id": null,
"model": "electric e-designer build",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "e designer",
"version": "7.52"
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:e-designer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
}
]
},
"credits": {
"_id": null,
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
}
],
"trust": 3.5
},
"cve": "CVE-2017-9636",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9636",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 3.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9636",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-22836",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9636",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-9636",
"trust": 3.5,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9636",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9636",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-22836",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-867",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-9636",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"description": {
"_id": null,
"data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a driver configuration file when initializing the BEMicroLogix component. When parsing the property TCP_IP_Address, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9636"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
}
],
"trust": 5.85
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-9636",
"trust": 7.1
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-01",
"trust": 3.4
},
{
"db": "BID",
"id": "100097",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2017-22836",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3802",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-510",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3794",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-518",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3795",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-517",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3800",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-512",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3801",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-511",
"trust": 0.7
},
{
"db": "IVD",
"id": "DE3E14C2-EB4D-4863-9A11-51565DA2E669",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-9636",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"id": "VAR-201804-0783",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
}
]
},
"last_update_date": "2024-11-23T22:00:37.020000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/"
},
{
"title": "Patch for Mitsubishi Electric Europe B.V. E-Designer Buffer Overflow Vulnerability (CNVD-2017-22836)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100853"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-122",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 6.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9636"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9636"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-510"
},
{
"db": "ZDI",
"id": "ZDI-17-518"
},
{
"db": "ZDI",
"id": "ZDI-17-517"
},
{
"db": "ZDI",
"id": "ZDI-17-512"
},
{
"db": "ZDI",
"id": "ZDI-17-511"
},
{
"db": "CNVD",
"id": "CNVD-2017-22836"
},
{
"db": "VULMON",
"id": "CVE-2017-9636"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
},
{
"db": "NVD",
"id": "CVE-2017-9636"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-510",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-518",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-517",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-512",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-511",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-22836",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-9636",
"ident": null
},
{
"db": "BID",
"id": "100097",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013250",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-9636",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-510",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-518",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-517",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-512",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-511",
"ident": null
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22836",
"ident": null
},
{
"date": "2018-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9636",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097",
"ident": null
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013250",
"ident": null
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-867",
"ident": null
},
{
"date": "2018-04-17T14:29:00.417000",
"db": "NVD",
"id": "CVE-2017-9636",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-510",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-518",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-517",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-512",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-511",
"ident": null
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22836",
"ident": null
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9636",
"ident": null
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097",
"ident": null
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013250",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-867",
"ident": null
},
{
"date": "2024-11-21T03:36:33.803000",
"db": "NVD",
"id": "CVE-2017-9636",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Mitsubishi E-Designer Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013250"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-867"
}
],
"trust": 0.8
}
}
VAR-201804-0782
Vulnerability from variot - Updated: 2024-11-23 22:00
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of TxStaticString sections of an mpa (project specification) file. An out-of-bounds value for the column specification will cause a user-supplied string to be written to an arbitrary memory address. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. Mitsubishi E-Designer version 7.52 Build 344 is vulnerable; other versions may also be affected.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0782",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e-designer",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishielectric",
"version": "7.52"
},
{
"model": "e-designer",
"scope": null,
"trust": 1.4,
"vendor": "mitsubishi electric",
"version": null
},
{
"model": "e-designer",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "7.52 build 344"
},
{
"model": "electric europe b.v. e-designer build",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"model": "electric e-designer build",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "7.52344"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "e designer",
"version": "7.52"
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mitsubishielectric:e-designer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
}
],
"trust": 1.4
},
"cve": "CVE-2017-9634",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9634",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9634",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22837",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9634",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2017-9634",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9634",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9634",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-22837",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-869",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-9634",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of TxStaticString sections of a mpa (project specification) file. An out-of-bounds value for the column specification will cause a user-supplied string to be written to an arbitrary memory address. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. \nMitsubishi E-Designer version 7.52 Build 344 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9634"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
}
],
"trust": 3.96
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9634",
"trust": 5.0
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-01",
"trust": 3.4
},
{
"db": "BID",
"id": "100097",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2017-22837",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3804",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-507",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3759",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-17-506",
"trust": 0.7
},
{
"db": "IVD",
"id": "3F385BD9-7C1C-4E38-AD57-7DB92192B1A5",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-9634",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"id": "VAR-201804-0782",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
}
]
},
"last_update_date": "2024-11-23T22:00:36.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mitsubishielectric.co.jp/fa/"
},
{
"title": "Mitsubishi Electric Europe B.V. E-Designer patch for out-of-bounds write vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100852"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9634"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9634"
},
{
"trust": 0.3,
"url": "http://www.mrslim.com/home.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"db": "BID",
"id": "100097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"date": "2018-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097"
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"date": "2018-04-17T14:29:00.353000",
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-507"
},
{
"date": "2017-08-01T00:00:00",
"db": "ZDI",
"id": "ZDI-17-506"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22837"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9634"
},
{
"date": "2017-08-01T00:00:00",
"db": "BID",
"id": "100097"
},
{
"date": "2018-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013249"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-869"
},
{
"date": "2024-11-21T03:36:33.573000",
"db": "NVD",
"id": "CVE-2017-9634"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi E-Designer Vulnerable to out-of-bounds writing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013249"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-869"
}
],
"trust": 0.8
}
}