Search

Find a vulnerability

Search criteria

    166 vulnerabilities by mitsubishielectric

    VAR-201902-0127

    Vulnerability from variot - Updated: 2025-06-27 23:05

    Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication. plural Mitsubishi Electric Q Series products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Misubishi Electric Q03UDVCPU, etc. are all PLC (programmable logic controller) products of Japan's Mitsubishi Electric (Misubishi Electric) company. Security flaws exist in several Misubishi products. A remote attacker could exploit this vulnerability by sending a specially crafted packet to cause Ethernet to stop communicating. The following products are affected: Misubishi Q03UDVCPU; Q04UDVCPU; Q06UDVCPU; Q13UDVCPU; Q26UDPVCPU; Q03UDECPU;

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0127",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "q06udpvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q100udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q26udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q13udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q04udpvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q26udpvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q04udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q20udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q10udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q06udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q06udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q26udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q13udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q04udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q03udecpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q50udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20101"
          },
          {
            "model": "q03udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q13udpvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20081"
          },
          {
            "model": "q03udecpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q03udvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q04udpvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q04udvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q06udpvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q06udvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q13udpvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q13udvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q26udpvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "q26udvcpu",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric q04/06/13/26udpvcpu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20081"
          },
          {
            "model": "electric q04/06/10/13/20/26/50/100udehcpu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20101"
          },
          {
            "model": "electric q03udecpu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20101"
          },
          {
            "model": "electric q03/04/06/13/26udvcpu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20081"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106771"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q03udecpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q03udvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q04udpvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q04udvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q06udpvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q06udvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q13udpvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q13udvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q26udpvcpu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:q26udvcpu_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tri Quach of Amazon???s Customer Fulfillment Technology Security (CFTS),Tri Quach of Amazon???s Customer Fulfillment Technology Security (CFTS)",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-6535",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-6535",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-157970",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-6535",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-6535",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-6535",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2019-6535",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-6535",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-973",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-157970",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication. plural Mitsubishi Electric Q Series products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. Misubishi Electric Q03UDVCPU, etc. are all PLC (programmable logic controller) products of Japan\u0027s Mitsubishi Electric (Misubishi Electric) company. Security flaws exist in several Misubishi products. A remote attacker could exploit this vulnerability by sending a specially crafted packet to cause Ethernet to stop communicating. The following products are affected: Misubishi Q03UDVCPU; Q04UDVCPU; Q06UDVCPU; Q13UDVCPU; Q26UDPVCPU; Q03UDECPU;",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "BID",
            "id": "106771"
          },
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6535",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-029-02",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "106771",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973",
            "trust": 0.7
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-98808",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-157970",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "db": "BID",
            "id": "106771"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "id": "VAR-201902-0127",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          }
        ],
        "trust": 0.85
      },
      "last_update_date": "2025-06-27T23:05:24.314000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC-Q\u30b7\u30ea\u30fc\u30ba",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/fa/products/cnt/plcq/items/index.html"
          },
          {
            "title": "Multiple Misubishi Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89040"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-029-02"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/106771"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6535"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6535"
          },
          {
            "trust": 0.3,
            "url": "http://www.mitsubishi-automation.com/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "db": "BID",
            "id": "106771"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "db": "BID",
            "id": "106771"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "date": "2019-01-29T00:00:00",
            "db": "BID",
            "id": "106771"
          },
          {
            "date": "2019-03-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "date": "2019-01-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "date": "2019-02-05T19:29:00.243000",
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-157970"
          },
          {
            "date": "2019-01-29T00:00:00",
            "db": "BID",
            "id": "106771"
          },
          {
            "date": "2019-03-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          },
          {
            "date": "2025-06-26T18:15:21.017000",
            "db": "NVD",
            "id": "CVE-2019-6535"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Mitsubishi Electric Q Vulnerability related to resource depletion in series products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001917"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-973"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202211-0443

    Vulnerability from variot - Updated: 2025-05-02 19:34

    Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section. mac-557if-e firmware, mac-557if-e1 firmware, pac-wf010-e Multiple Mitsubishi Electric products, including firmware, contain vulnerabilities related to the transmission of sensitive information in plain text.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0443",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mac-557if-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mac-568ifb-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mac-588if-e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "pac-whs01wf-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2v-en2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-rw25\\/35\\/50vg-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2w-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkw-a1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgk-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-exa09\\/12vak",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vgb-a1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgkp-e6",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgks-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2w-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ft20\\/25vfk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vgw-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-a2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2r-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkw-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-a1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-hr25\\/35\\/42\\/50\\/60\\/71vfk-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkw-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-er1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mac-576if-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ap60\\/71vgk-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ft25\\/35\\/50vgk-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2w-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkb-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2r-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2b-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50\\/60\\/71vgk-er3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkb-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2b-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "s-mac-002if",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-a2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2v-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap22\\/25\\/35\\/42\\/50\\/61\\/70\\/80vgkd-a1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2w-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-rw25\\/35\\/50vg-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-gzy09\\/12\\/18vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50vg2w-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "s-mac-702if-f",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgkw-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgks-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ft25\\/35\\/50vgk-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-e6",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50\\/60\\/71vgk-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-558if-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mac-568if-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgk-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-hr25\\/35\\/42\\/50\\/60\\/71vfk-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2b-et1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-fx20\\/25vfk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mac-587if-e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-558if-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vgv-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2b-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vgr-er1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgks-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msy-gp10\\/13\\/15\\/18\\/20\\/24vfk-sg1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-er1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgkp-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2r-en2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "s-mac-702if-b",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgk-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ft25\\/35\\/50vgk-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkw-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vgr-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mfz-gxt50\\/60\\/73vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ft25\\/35\\/50vgk-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap15\\/20\\/25\\/35\\/42\\/50\\/60\\/71vgk-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-567ifb-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mac-568ifb2-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkw-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-zt09\\/12\\/18vak",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mfz-xt50\\/60vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgkp-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-e7",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2r-et1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mac-559if-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkb-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2w-et1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2b-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2v-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2w-er3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-en1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgkb-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "s-mac-702if-z",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "pac-wf010-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vgr-a1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-559if-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "s-mac-906if",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-er1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vgb-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ap15\\/20\\/25\\/35\\/42\\/50\\/60\\/71vgk-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-e8",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2v-et1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50vg2r-en1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-rw25\\/35\\/50vg-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-587if2-e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vgv-er1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-hr25\\/35\\/42\\/50\\/60\\/71vfk-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50vg2v-en1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgks-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgk-e6",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2v-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-er3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-wx18\\/20\\/25vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap15\\/20\\/25\\/35\\/42\\/50\\/60\\/71vgk-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-a1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2v-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-er3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vgb-er1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgkw-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50vg2w-en1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgks-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap60\\/71vgk-er1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-rw25\\/35\\/50vg-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-eza09\\/12vak",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-gzt09\\/12\\/18vak",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgkp-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-en3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "ma-ew85s-uk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "80.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2b-en2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50\\/60\\/71vgk-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2w-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-566ifb-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgk-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap60\\/71vgk-et1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkb-a1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-a1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "s-mac-905if",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mac-567ifb2-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msxy-fp05\\/07\\/10\\/13\\/18\\/20\\/24vgk-sg1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2w-en2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vgw-er1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgkb-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ky09\\/12\\/18vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-507if-e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap22\\/25\\/35\\/42\\/50\\/60\\/71\\/80vgkd-a2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-zy09\\/12\\/18vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-557if-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ft25\\/35\\/50vgk-sc2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-er3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-568ifb3-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2r-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2r-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgks-a1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-a2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgks-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vgv-a1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "ma-ew85s-e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "80.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-en2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2w-er1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-hr25\\/35\\/42\\/50vfk-e6",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkb-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2w-e1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50vg2b-en1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "mac-576if-e1",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-558if-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-568ifb2-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "s-mac-905if",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-557if-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-559if-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-566ifb-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-568ifb3-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-558if-e1",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "pac-wf010-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "s-mac-702if-f",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-568ifb-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-559if-e1",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-567ifb-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-557if-e1",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "s-mac-702if-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-567ifb2-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "s-mac-702if-z",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "pac-whs01wf-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "mac-568if-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020783"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33321"
          }
        ]
      },
      "cve": "CVE-2022-33321",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-33321",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-33321",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-33321",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-33321",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-33321",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202211-2342",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2342"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33321"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33321"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). \nThe wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. \nAs for the affected product models/versions, see the Mitsubishi Electric\u0027s advisory which is listed in [References] section. mac-557if-e firmware, mac-557if-e1 firmware, pac-wf010-e Multiple Mitsubishi Electric products, including firmware, contain vulnerabilities related to the transmission of sensitive information in plain text.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-33321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020783"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-33321",
            "trust": 3.3
          },
          {
            "db": "JVN",
            "id": "JVNVU96767562",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020783",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2342",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2342"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33321"
          }
        ]
      },
      "id": "VAR-202211-0443",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "home \u0026 office device"
            ],
            "sub_category": "smart home device",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-05-02T19:34:19.689000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Mitsubishi Electric consumer electronics products Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=214368"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2342"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.0
          },
          {
            "problemtype": "Sending important information in clear text (CWE-319) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020783"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33321"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://jvn.jp/vu/jvnvu96767562/index.html"
          },
          {
            "trust": 2.4,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-010.pdf"
          },
          {
            "trust": 2.4,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-010_en.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96767562/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33321"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-33321/"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2342"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33321"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2342"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33321"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-11-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-020783"
          },
          {
            "date": "2022-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-2342"
          },
          {
            "date": "2022-11-08T20:15:10.080000",
            "db": "NVD",
            "id": "CVE-2022-33321"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-11-06T08:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-020783"
          },
          {
            "date": "2022-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-2342"
          },
          {
            "date": "2025-05-01T19:15:51.833000",
            "db": "NVD",
            "id": "CVE-2022-33321"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2342"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerability regarding clear text transmission of sensitive information in multiple Mitsubishi Electric products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-020783"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2342"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202211-0444

    Vulnerability from variot - Updated: 2025-05-01 21:19

    Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0444",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "msz-ay25\\/35\\/42\\/50vgkp-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ft25\\/35\\/50vgk-sc2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkb-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgks-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap15\\/20\\/25\\/35\\/42\\/50\\/60\\/71vgk-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-e7",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50\\/60\\/71vgk-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkw-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap15\\/20\\/25\\/35\\/42\\/50\\/60\\/71vgk-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-hr25\\/35\\/42\\/50\\/60\\/71vfk-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap22\\/25\\/35\\/42\\/50\\/60\\/71\\/80vgkd-a2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2r-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-exa09\\/12vak",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50\\/60\\/71vgk-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50\\/60\\/71vgk-er3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-en2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkb-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgkb-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-er3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ky09\\/12\\/18vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkb-a1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-e8",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msy-gp10\\/13\\/15\\/18\\/20\\/24vfk-sg1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkb-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-er3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2b-en2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkb-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-en3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgks-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-hr25\\/35\\/42\\/50\\/60\\/71vfk-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2w-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap15\\/20\\/25\\/35\\/42\\/50\\/60\\/71vgk-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgk-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2r-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-a2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-rw25\\/35\\/50vg-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-rw25\\/35\\/50vg-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2b-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2w-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgks-a1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ft25\\/35\\/50vgk-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-588if-e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgkp-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mfz-gxt50\\/60\\/73vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2v-e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-en1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-gzy09\\/12\\/18vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgkb-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgkp-e6",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgk-e6",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgks-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "ma-ew85s-e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "80.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-587if2-e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkw-a1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-er3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkw-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2b-a2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2v-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-wx18\\/20\\/25vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-zy09\\/12\\/18vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mfz-xt50\\/60vfk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgk-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2r-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-eza09\\/12vak",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "ma-ew85s-uk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "80.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2b-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgk-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkw-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ft25\\/35\\/50vgk-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50vg2w-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msxy-fp05\\/07\\/10\\/13\\/18\\/20\\/24vgk-sg1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ft25\\/35\\/50vgk-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2w-et3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-rw25\\/35\\/50vg-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-hr25\\/35\\/42\\/50vfk-e6",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2w-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgk-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-507if-e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ay25\\/35\\/42\\/50vgkp-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2v-a2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2w-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap22\\/25\\/35\\/42\\/50\\/61\\/70\\/80vgkd-a1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50\\/60vg2w-er3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2w-en2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-rw25\\/35\\/50vg-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgkw-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-hr25\\/35\\/42\\/50\\/60\\/71vfk-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "mac-587if-e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-er1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2r-en2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgks-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2v-en2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgkw-e1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgks-et2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "s-mac-002if",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ap25\\/35\\/42\\/50vgk-et1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ft25\\/35\\/50vgk-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln18\\/25\\/35\\/50\\/60vg2v-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-bt20\\/25\\/35\\/50vgk-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef18\\/22\\/25\\/35\\/42\\/50vgkw-e2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2r-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ef22\\/25\\/35\\/42\\/50vgks-er2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          },
          {
            "model": "msz-ln25\\/35\\/50vg2b-sc1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35.00"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-33322"
          }
        ]
      },
      "cve": "CVE-2022-33322",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-33322",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-33322",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-33322",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202211-2339",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2339"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33322"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33322"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user\u0027s browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric\u0027s advisory which is listed in [References] section.\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-33322"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-33322",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU96767562",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2339",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2339"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33322"
          }
        ]
      },
      "id": "VAR-202211-0444",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "home \u0026 office device"
            ],
            "sub_category": "smart home device",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-05-01T21:19:20.047000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Mitsubishi Electric consumer electronics products Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=214622"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2339"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-33322"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-011_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-011.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/vu/jvnvu96767562/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-33322/"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2339"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33322"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2339"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33322"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-2339"
          },
          {
            "date": "2022-11-08T20:15:11.017000",
            "db": "NVD",
            "id": "CVE-2022-33322"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202211-2339"
          },
          {
            "date": "2025-05-01T15:15:55.120000",
            "db": "NVD",
            "id": "CVE-2022-33322"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2339"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric consumer electronics products Cross-site scripting vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2339"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202211-2339"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0077

    Vulnerability from variot - Updated: 2025-04-20 23:34

    An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploits a vulnerability to perform an unauthorized operation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0077",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "electric qj71e71-100",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "electric qj71e71-b2",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "electric qj71e71-b5",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 100",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 b5",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 b2",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b5_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vladimir Dashchenko of Critical Infrastructure Defense Team",
        "sources": [
          {
            "db": "BID",
            "id": "94632"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-8370",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8370",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 7.8,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-007661",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-11833",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e9b21e03-b557-44eb-b380-01d11c51c00c",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-97190",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8370",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 8.6,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-007661",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8370",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-007661",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-11833",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-463",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e9b21e03-b557-44eb-b380-01d11c51c00c",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97190",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploits a vulnerability to perform an unauthorized operation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8370",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-336-03",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "94632",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99901500",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E9B21E03-B557-44EB-B380-01D11C51C00C",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "id": "VAR-201702-0077",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          }
        ],
        "trust": 1.7055555333333334
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:34:29.489000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u4e09\u83f1\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
            "trust": 0.8,
            "url": "http://jvn.jp/vu/JVNVU99901500/479518/index.html"
          },
          {
            "title": "Multiple Mitsubishi Electric MELSEC-Q series products have patches for security bypass vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/84929"
          },
          {
            "title": "Multiple Mitsubishi Electric Automation MELSEC-Q Repair measures for series product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67753"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-327",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-412",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-03"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/94632"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8370"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8368"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99901500/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8370"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8368"
          },
          {
            "trust": 0.3,
            "url": "http://www.mrslim.com/home.asp"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-05T00:00:00",
            "db": "IVD",
            "id": "e9b21e03-b557-44eb-b380-01d11c51c00c"
          },
          {
            "date": "2016-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "date": "2016-12-01T00:00:00",
            "db": "BID",
            "id": "94632"
          },
          {
            "date": "2017-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "date": "2017-02-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "date": "2017-02-13T21:59:01.220000",
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11833"
          },
          {
            "date": "2017-03-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97190"
          },
          {
            "date": "2016-12-20T00:06:00",
            "db": "BID",
            "id": "94632"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "date": "2021-05-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8370"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric  MELSEC-Q Series  Ethernet Multiple vulnerabilities in interface module",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-463"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0075

    Vulnerability from variot - Updated: 2025-04-20 23:34

    An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploiting a vulnerability can result in a denial of service condition. Attackers can exploit these issues to perform unauthorized actions or cause denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0075",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "electric qj71e71-100",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "electric qj71e71-b2",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "electric qj71e71-b5",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "mitsubishi",
            "version": "0"
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "of"
          },
          {
            "model": "qj71e71-b2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "qj71e71-b5",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 100",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 b5",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "qj71e71 b2",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-b5_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vladimir Dashchenko of Critical Infrastructure Defense Team",
        "sources": [
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-8368",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8368",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 7.8,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-007661",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-11832",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-97188",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8368",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 8.6,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-007661",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8368",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-007661",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-11832",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201612-009",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97188",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploiting a vulnerability can result in a denial of service condition. \nAttackers can exploit these issues to perform unauthorized  actions or cause  denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8368",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-336-03",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "94632",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99901500",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "218C8DDF-AE70-4D34-AB2C-7271D1A5A80F",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "id": "VAR-201702-0075",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          }
        ],
        "trust": 1.7055555333333334
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:34:29.448000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u4e09\u83f1\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
            "trust": 0.8,
            "url": "http://jvn.jp/vu/JVNVU99901500/479518/index.html"
          },
          {
            "title": "Patches for multiple service violations in multiple Mitsubishi Electric MELSEC-Q series products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/84928"
          },
          {
            "title": "Mitsubishi Electric MELSEC-Q Series Product Security Bypass Vulnerabilities and Remediation Measures for Denial of Service Vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65991"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-662",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.9
          },
          {
            "problemtype": "CWE-412",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-327",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-03"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/94632"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8370"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8368"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99901500/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8370"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8368"
          },
          {
            "trust": 0.3,
            "url": "http://www.mrslim.com/home.asp"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "db": "BID",
            "id": "94632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-05T00:00:00",
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "date": "2016-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "date": "2016-12-01T00:00:00",
            "db": "BID",
            "id": "94632"
          },
          {
            "date": "2017-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "date": "2016-12-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "date": "2017-02-13T21:59:01.173000",
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-01-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11832"
          },
          {
            "date": "2017-03-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97188"
          },
          {
            "date": "2016-12-20T00:06:00",
            "db": "BID",
            "id": "94632"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          },
          {
            "date": "2021-09-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8368"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric  MELSEC-Q Series  Ethernet Multiple vulnerabilities in interface module",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007661"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-009"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201402-0087

    Vulnerability from variot - Updated: 2025-04-11 23:14

    An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. Mitsubishi MC-WorkX is a factory automation application tool. Mitsubishi MC-WorX is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. Mitsubishi MC-WorX 8.02 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201402-0087",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mc-worx suite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "8.02"
          },
          {
            "model": "mc worx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "8.02"
          },
          {
            "model": "electric europe b.v. mc-worx",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "8.x"
          },
          {
            "model": "mc-worx suite",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": "8.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "mc worx suite",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:mc-worx_suite",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Blake",
        "sources": [
          {
            "db": "BID",
            "id": "62414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-2817",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2013-2817",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2013-13110",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "33985888-2352-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-2817",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-2817",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-13110",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201309-279",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "33985888-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. Mitsubishi MC-WorkX is a factory automation application tool. Mitsubishi MC-WorX is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. \nMitsubishi MC-WorX 8.02 is vulnerable;  other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "BID",
            "id": "62414"
          },
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-2817",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-051-02",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "62414",
            "trust": 1.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "54852",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "28284",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "33985888-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "BID",
            "id": "62414"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "id": "VAR-201402-0087",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:14:40.460000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MC Works",
            "trust": 0.8,
            "url": "http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works"
          },
          {
            "title": "IcoLaunchPatch_PlaceInBinFolder",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48278"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-051-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.meau.com/eprise/main/sites/public/products/software/-mc_works"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2817"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2817"
          },
          {
            "trust": 0.6,
            "url": "http://www.exploit-db.com/exploits/28284/"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/54852"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/62414"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "BID",
            "id": "62414"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-18T00:00:00",
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "date": "2013-09-15T00:00:00",
            "db": "BID",
            "id": "62414"
          },
          {
            "date": "2014-02-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "date": "2013-09-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "date": "2014-02-24T04:48:09.757000",
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "date": "2014-02-25T07:51:00",
            "db": "BID",
            "id": "62414"
          },
          {
            "date": "2014-02-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006066"
          },
          {
            "date": "2014-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-2817"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi MC-WorX \u0027IcoLaunch.dll\u0027\u0027 ActiveX Control Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13110"
          },
          {
            "db": "BID",
            "id": "62414"
          }
        ],
        "trust": 1.1
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code injection",
        "sources": [
          {
            "db": "IVD",
            "id": "33985888-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-279"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202310-0178

    Vulnerability from variot - Updated: 2025-03-22 23:41

    Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.As a result of a crafted message being sent by a third party who has access to the product, a sequence program, etc. is read without authentication, or a malicious sequence program, fraudulent device data, etc. is written. , information may be leaked or falsified. The expected impact will differ depending on the number of digits of the keyword you have set. * 8 In the case of digit keyword authentication, information leakage and information falsification due to lack of authentication * 16 For digit keyword authentication: Authentication evasion due to authentication failure For details, please check the information provided by the developer. Mitsubishi Electric MELSEC-F Series is a basic micro PLC with scalable analog and communication functions for industrial control equipment of Mitsubishi Electric Corporation of Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0178",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fx3g-60mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ga-60mt-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24mt\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-64mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-30mt\\/ess-2ad",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-48mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-32mr\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-4ad-ptw-adp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14 mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-24mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-64ms\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-16mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14mt\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14 mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3sa-20mr-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-16mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-14mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-4ad-tc-adp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-30mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-10mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14 mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40 mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-40mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3sa-30mr-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60 mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60 mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-16mt\\/dss-p4",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60 mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-32mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3sa-30mt-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-48mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-24mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-64mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-32mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40 mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ga-24mt-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-cnv-adp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-40mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-48mr\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-80mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-16mr\\/d-t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-40mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3gc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14mr\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-16mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-48mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-10mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-128mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-32mt\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-14mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-40mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-16mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14 mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-14mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60 mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-30mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-64mr\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-enet-p502",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3gc-32mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-10mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-32mt-lt-2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-20mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-48mt\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-20mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-32mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-64mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60mt\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40mr\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-485adp\\",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24 mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-4ad-adp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40 mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-16mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-16mt\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-48mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ga-40mt-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-16mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-40mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-40mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-128mr\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-48mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-20mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ga-40mr-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-4ad-pt-adp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3sa-14mt-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24 mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-3a-adp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-80mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-80mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-10mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-20mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40 mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-64mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-32mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-96mt\\/d",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-32mt\\/d",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-64mt\\/d",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-128mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-32mr\\/ua1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-32ms\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3sa-10mt-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3sa-10mr-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14 mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-24mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-14mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-enet-l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-64mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-64mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-32mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-30mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-24mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-32mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-16mt\\/d",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-24mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-80mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24 mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40 mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3sa-14mr-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-80mt\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40 mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-4da-adp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40mt\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60mr\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ga-60mr-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-16mt\\/d-p4",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-30mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24mr\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-48mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-20mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ga-24mr-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24 mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-64mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-10mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-96mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-30mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24 mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-10mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-40mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-enet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-20mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-64mt\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-30mt\\/es-2ad",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3ge-24mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-16mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-16mr\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14 mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3sa-20mt-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-30mr\\/es-2ad",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-4da-pnk-adp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-14mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3gc-32mt\\/d",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-24 mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60 mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-32mt-lt",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-128mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-80mt\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3uc-16mr\\/ds-t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-14mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-32 mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-64mr\\/ua1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-32mr\\/ds",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-128mt\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-80mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-14mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-232adp\\",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3u-80mr\\/es-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s-30mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3g-60 mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx3s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx3gc",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx3u",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx3uc",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx3g",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "electric melsec-f series",
            "scope": null,
            "trust": 0.6,
            "vendor": "misubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003809"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-4562"
          }
        ]
      },
      "cve": "CVE-2023-4562",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 9.4,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2024-00210",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-4562",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-003809",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-4562",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
                "id": "CVE-2023-4562",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-003809",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-00210",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003809"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-4562"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-4562"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.As a result of a crafted message being sent by a third party who has access to the product, a sequence program, etc. is read without authentication, or a malicious sequence program, fraudulent device data, etc. is written. , information may be leaked or falsified. The expected impact will differ depending on the number of digits of the keyword you have set. * 8 In the case of digit keyword authentication, information leakage and information falsification due to lack of authentication * 16 For digit keyword authentication: Authentication evasion due to authentication failure For details, please check the information provided by the developer. Mitsubishi Electric MELSEC-F Series is a basic micro PLC with scalable analog and communication functions for industrial control equipment of Mitsubishi Electric Corporation of Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-4562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003809"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-00210"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-4562"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-4562",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-285-13",
            "trust": 1.9
          },
          {
            "db": "JVN",
            "id": "JVNVU90509290",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003809",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-00210",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-4562",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00210"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-4562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003809"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-4562"
          }
        ]
      },
      "id": "VAR-202310-0178",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00210"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00210"
          }
        ]
      },
      "last_update_date": "2025-03-22T23:41:08.407000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC-F\u00a0 Vulnerabilities of information leakage, information tampering, and authentication bypass in the basic unit",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-012.pdf"
          },
          {
            "title": "Patch for Mitsubishi Electric MELSEC-F Series Authentication Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/513051"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003809"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate authentication (CWE-287) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003809"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-4562"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://jvn.jp/vu/jvnvu90509290/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90509290/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-4562"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00210"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-4562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003809"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-4562"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00210"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-4562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003809"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-4562"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-00210"
          },
          {
            "date": "2023-10-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-4562"
          },
          {
            "date": "2023-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-003809"
          },
          {
            "date": "2023-10-13T02:15:09.917000",
            "db": "NVD",
            "id": "CVE-2023-4562"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-03-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-00210"
          },
          {
            "date": "2023-10-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-4562"
          },
          {
            "date": "2024-05-17T08:37:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-003809"
          },
          {
            "date": "2023-10-23T19:15:51.397000",
            "db": "NVD",
            "id": "CVE-2023-4562"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric \u00a0MELSEC-F\u00a0 Improper authentication vulnerability in series base unit",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003809"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202311-2162

    Vulnerability from variot - Updated: 2025-03-14 22:44

    Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Mitsubishi Electric's GX Works2 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric GX Works2 is a programmable controller from Mitsubishi Electric of Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202311-2162",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "gx works2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "gx works2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "gx works2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "electric mitsubishi electric gx works2",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026370"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5275"
          }
        ]
      },
      "cve": "CVE-2023-5275",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 1.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.5,
                "id": "CNVD-2024-00208",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.0,
                "id": "CVE-2023-5275",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
                "availabilityImpact": "LOW",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.0,
                "id": "CVE-2023-5275",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 4.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2023-5275",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-5275",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
                "id": "CVE-2023-5275",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-5275",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-00208",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026370"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5275"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5275"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Mitsubishi Electric\u0027s GX Works2 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric GX Works2 is a programmable controller from Mitsubishi Electric of Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-5275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026370"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-00208"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5275"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-5275",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-331-03",
            "trust": 1.9
          },
          {
            "db": "JVN",
            "id": "JVNVU98760962",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026370",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-00208",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5275",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00208"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026370"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5275"
          }
        ]
      },
      "id": "VAR-202311-2162",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00208"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00208"
          }
        ]
      },
      "last_update_date": "2025-03-14T22:44:38.765000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Mitsubishi Electric GX Works2 Input Validation Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/513036"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00208"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026370"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5275"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf"
          },
          {
            "trust": 2.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-03"
          },
          {
            "trust": 1.9,
            "url": "https://jvn.jp/vu/jvnvu98760962/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-5275"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00208"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026370"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5275"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00208"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026370"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5275"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-00208"
          },
          {
            "date": "2023-11-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-5275"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-026370"
          },
          {
            "date": "2023-11-30T05:15:10.400000",
            "db": "NVD",
            "id": "CVE-2023-5275"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-03-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-00208"
          },
          {
            "date": "2023-11-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-5275"
          },
          {
            "date": "2024-07-17T01:59:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-026370"
          },
          {
            "date": "2023-12-05T18:18:37.050000",
            "db": "NVD",
            "id": "CVE-2023-5275"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric\u0027s \u00a0GX\u00a0Works2\u00a0 Input verification vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026370"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202311-2161

    Vulnerability from variot - Updated: 2025-03-14 22:44

    Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Mitsubishi Electric's GX Works2 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric GX Works2 is a programmable controller of Mitsubishi Electric Corporation of Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202311-2161",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "gx works2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "gx works2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "gx works2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "electric mitsubishi electric gx works2",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026369"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5274"
          }
        ]
      },
      "cve": "CVE-2023-5274",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 1.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.5,
                "id": "CNVD-2024-00209",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.0,
                "id": "CVE-2023-5274",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
                "availabilityImpact": "LOW",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.0,
                "id": "CVE-2023-5274",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 4.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2023-5274",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-5274",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
                "id": "CVE-2023-5274",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-5274",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-00209",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026369"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5274"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5274"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Mitsubishi Electric\u0027s GX Works2 There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Mitsubishi Electric GX Works2 is a programmable controller of Mitsubishi Electric Corporation of Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-5274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026369"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-00209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5274"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-5274",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-331-03",
            "trust": 1.9
          },
          {
            "db": "JVN",
            "id": "JVNVU98760962",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026369",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-00209",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5274",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026369"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5274"
          }
        ]
      },
      "id": "VAR-202311-2161",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00209"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00209"
          }
        ]
      },
      "last_update_date": "2025-03-14T22:44:38.741000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Mitsubishi Electric GX Works2 Input Validation Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/513041"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00209"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026369"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5274"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf"
          },
          {
            "trust": 2.0,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-03"
          },
          {
            "trust": 1.9,
            "url": "https://jvn.jp/vu/jvnvu98760962/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-5274"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026369"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5274"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-00209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026369"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5274"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-00209"
          },
          {
            "date": "2023-11-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-5274"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-026369"
          },
          {
            "date": "2023-11-30T05:15:09.983000",
            "db": "NVD",
            "id": "CVE-2023-5274"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-00209"
          },
          {
            "date": "2023-11-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-5274"
          },
          {
            "date": "2024-07-17T01:59:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-026369"
          },
          {
            "date": "2023-12-05T18:20:39.937000",
            "db": "NVD",
            "id": "CVE-2023-5274"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric\u0027s \u00a0GX\u00a0Works2\u00a0 Input verification vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-026369"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201911-1188

    Vulnerability from variot - Updated: 2024-11-23 23:04

    In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. Provided by Mitsubishi Electric Corporation MELSEC-Q series CPU Unit and MELSEC-L series CPU Unit FTP The server function has a resource exhaustion vulnerability (CWE-400) Exists. Of the product FTP Server function interferes with service operation (DoS) It may be in a state. This vulnerability information is used by developers for the purpose of disseminating to product users. JPCERT/CC To report to JPCERT/CC Coordinated with the developer.Of the product FTP Server function interferes with service operation (DoS) By becoming a state, FTP The client FTP You will not be able to connect to the server. According to the developer, the vulnerability affects FTP It is only a server function. The Mitsubishi Electric MELSEC-Q Series is a MELSEC-Q series programmable logic controller from Mitsubishi Electric Corporation of Japan. The Mitsubishi MELSEC-L Series is a MELSEC-L series programmable logic controller from Mitsubishi Corporation of Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1188",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "l26cpu-bt-cm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "l02\\/06\\/26cpu-cm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "l02\\/06\\/26cpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "l26cpu-bt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "l02\\/06\\/26cpu-p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "q03udecpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21081"
          },
          {
            "model": "l26cpu-pbt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "q03\\/04\\/06\\/13\\/26udvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21081"
          },
          {
            "model": "q04\\/06\\/13\\/26udpvcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21081"
          },
          {
            "model": "q04\\/06\\/10\\/13\\/20\\/26\\/50\\/100udehcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "21081"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l02/06/26cpu"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l26cpu-bt ( top serial number 5 digits  21101  )"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l02/06/26cpu-cm"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l26cpu-bt-cm ( top serial number 5 digits  21101  )"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l02/06/26cpu-p"
          },
          {
            "model": "melsec-l series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "l26cpu-pbt ( top serial number 5 digits  21101  )"
          },
          {
            "model": "melsec-q series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "q03/04/06/13/26udvcpu ( top serial number 5 digits  21081  )"
          },
          {
            "model": "melsec-q series cpu unit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "q03udecpu"
          },
          {
            "model": "melsec-q series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "q04/06/10/13/20/26/50/100udehcpu ( top serial number 5 digits  21081  )"
          },
          {
            "model": "melsec-q series cpu unit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "q04/06/13/26udpvcpu ( top serial number 5 digits  21081  )"
          },
          {
            "model": "electric mitsubishi electric melsec-q series \u003c=q03/04/06/13/26udvcpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21081"
          },
          {
            "model": "electric mitsubishi electric melsec-q series \u003c=q04/06/13/26udpvcpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21081"
          },
          {
            "model": "electric mitsubishi electric melsec-q series \u003c=q03udecpu q04/06/10/13/20/26/50/100udehcpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21081"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l26cpu-bt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu-p",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l26cpu-pbt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu-cm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l26cpu-bt-cm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "electric mitsubishi melsec-l series \u003c=l02/06/26cpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "21101"
          },
          {
            "model": "l26cpu-bt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "l26cpu-bt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-pbt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": "21101"
          },
          {
            "model": "q03udecpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q03udecpu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishielectric",
            "version": "21081"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "q03 04 06 13 26udvcpu",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l26cpu bt cm",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "q04 06 13 26udpvcpu",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "q03udecpu",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "q04 06 10 13 20 26 50 100udehcpu",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l02 06 26cpu",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l26cpu bt",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l02 06 26cpu p",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l26cpu pbt",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "l02 06 26cpu cm",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec-l_series_cpu_unit",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec-q_series_cpu_unit",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          }
        ]
      },
      "cve": "CVE-2019-13555",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-13555",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-011686",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-41428",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "id": "CVE-2019-13555",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "JPCERT/CC",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-011686",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-13555",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2019-011686",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-41428",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-424",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-13555",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. Provided by Mitsubishi Electric Corporation MELSEC-Q series CPU Unit and MELSEC-L series CPU Unit FTP The server function has a resource exhaustion vulnerability (CWE-400) Exists. Of the product FTP Server function interferes with service operation (DoS) It may be in a state. This vulnerability information is used by developers for the purpose of disseminating to product users. JPCERT/CC To report to JPCERT/CC Coordinated with the developer.Of the product FTP Server function interferes with service operation (DoS) By becoming a state, FTP The client FTP You will not be able to connect to the server. According to the developer, the vulnerability affects FTP It is only a server function. The Mitsubishi Electric MELSEC-Q Series is a MELSEC-Q series programmable logic controller from Mitsubishi Electric Corporation of Japan. The Mitsubishi MELSEC-L Series is a MELSEC-L series programmable logic controller from Mitsubishi Corporation of Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-13555",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-311-01",
            "trust": 3.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97094124",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4209",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "00D06E5F-E8D7-433D-9E94-3FF51C3E39B6",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "id": "VAR-201911-1188",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          }
        ],
        "trust": 1.7375
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:04:35.531000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC-Q\u30b7\u30ea\u30fc\u30baCPU\u3001\u304a\u3088\u3073MELSEC-L\u30b7\u30ea\u30fc\u30baCPU\u306b\u304a\u3051\u308bFTP\u30b5\u30fc\u30d0\u6a5f\u80fd\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-002.pdf"
          },
          {
            "title": "Patch for Mitsubishi Electric MELSEC-Q Series and Mitsubishi MELSEC-L Series Resource Management Error Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/191107"
          },
          {
            "title": "Mitsubishi Electric MELSEC-Q Series  and MELSEC-L Series Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103038"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13555"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13555"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu97094124"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4209/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/400.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-20T00:00:00",
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "date": "2019-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "date": "2019-11-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "date": "2019-11-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "date": "2019-11-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "date": "2019-11-13T23:15:11.327000",
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41428"
          },
          {
            "date": "2019-11-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-13555"
          },
          {
            "date": "2019-12-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          },
          {
            "date": "2019-11-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          },
          {
            "date": "2024-11-21T04:25:08.387000",
            "db": "NVD",
            "id": "CVE-2019-13555"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  MELSEC-Q series  CPU Unit and  MELSEC-L series  CPU Unit  FTP Server function resource exhaustion vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011686"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "00d06e5f-e8d7-433d-9e94-3ff51c3e39b6"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-424"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202006-0119

    Vulnerability from variot - Updated: 2024-11-23 23:04

    Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Resource exhaustion vulnerabilities in series units (CWE-400) Exists This vulnerability information is provided by the developer for the purpose of making it known to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.When a malicious packet is received from a remote third party, Ethernet Port communication interferes with service operation (DoS) It may be in a state. A reset is required for recovery. Misubishi Electric MELSEC iQ-R series is a programmable logic controller manufactured by Misubishi Electric, Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0119",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "melsec iq-r08pcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-rj71en71",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-r01cpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "7"
          },
          {
            "model": "melsec iq-r00cpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "7"
          },
          {
            "model": "melsec iq-r08fcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20"
          },
          {
            "model": "melsec iq-r120pcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-r04cpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "39"
          },
          {
            "model": "melsec iq-r08cpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "39"
          },
          {
            "model": "melsec iq-r16cpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "39"
          },
          {
            "model": "melsec iq-r16fcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20"
          },
          {
            "model": "melsec iq-r16pcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-r32sfcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-r120fcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20"
          },
          {
            "model": "melsec iq-r02cpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "7"
          },
          {
            "model": "melsec iq-r32fcpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20"
          },
          {
            "model": "melsec iq-r16sfcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-r32cpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "39"
          },
          {
            "model": "melsec iq-r32pcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-r120cpu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "39"
          },
          {
            "model": "melsec iq-r08sfcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-r120sfcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "melsec iq-r  series  r00/01/02cpu  firmware version  \"7\"  and earlier"
          },
          {
            "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "melsec iq-r  series  r04/08/16/32/120cpu , r04/08/16/32/120encpu  firmware version  \"39\"  and earlier"
          },
          {
            "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "melsec iq-r  series  r08/16/32/120sfcpu  firmware version  \"20 \"  and earlier"
          },
          {
            "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "melsec iq-r  series  r08/16/32/120pcpu  firmware version   \" 24 \"   and earlier"
          },
          {
            "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "melsec iq-r  series  r08/16/32/120psfcpu  firmware version   \" 05 \"   and earlier"
          },
          {
            "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": "melsec iq-r  series  rj71en71  firmware version   \" 49 \"   and earlier"
          },
          {
            "model": "electric r04/08/16/32/120encpu",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "\u003c=39"
          },
          {
            "model": "electric r00/01/02cpu",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "\u003c=7"
          },
          {
            "model": "electric r08/16/32/120sfcpu",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "\u003c=20"
          },
          {
            "model": "electric r08/16/32/120pcpu",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric r08/16/32/120psfcpu",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric rj71en71",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric r04/08/16/32/120cpu",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "\u003c=39"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46803"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005243"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-13238"
          }
        ]
      },
      "cve": "CVE-2020-13238",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-13238",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005243",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46803",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-13238",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "JPCERT/CC",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005243",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-13238",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2020-005243",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46803",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-827",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-13238",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46803"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-13238"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005243"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-827"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-13238"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Resource exhaustion vulnerabilities in series units (CWE-400) Exists This vulnerability information is provided by the developer for the purpose of making it known to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.When a malicious packet is received from a remote third party, Ethernet Port communication interferes with service operation (DoS) It may be in a state. A reset is required for recovery. Misubishi Electric MELSEC iQ-R series is a programmable logic controller manufactured by Misubishi Electric, Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-13238"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005243"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46803"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-13238"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-161-02",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2020-13238",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU97662844",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005243",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46803",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2013",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-827",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-13238",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46803"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-13238"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005243"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-827"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-13238"
          }
        ]
      },
      "id": "VAR-202006-0119",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46803"
          }
        ],
        "trust": 1.5375
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46803"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:04:23.619000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC\u00a0iQ-R Of the series Ethernet Denial of service on port (DoS) Vulnerability",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-001.pdf"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/yossireuven/Publications "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-13238"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005243"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          },
          {
            "problemtype": "Resource exhaustion (CWE-400) [JPCERT/CC Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005243"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-13238"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-02"
          },
          {
            "trust": 2.5,
            "url": "http://jvn.jp/vu/jvnvu97662844/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-001_en.pdf"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13238"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2013/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-02"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/400.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/yossireuven/publications"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46803"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-13238"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005243"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-827"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-13238"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46803"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-13238"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005243"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-827"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-13238"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46803"
          },
          {
            "date": "2020-06-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-13238"
          },
          {
            "date": "2020-06-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005243"
          },
          {
            "date": "2020-06-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-827"
          },
          {
            "date": "2020-06-10T20:15:14.140000",
            "db": "NVD",
            "id": "CVE-2020-13238"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46803"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-13238"
          },
          {
            "date": "2021-04-21T04:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005243"
          },
          {
            "date": "2020-11-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-827"
          },
          {
            "date": "2024-11-21T05:00:51.327000",
            "db": "NVD",
            "id": "CVE-2020-13238"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-827"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric \u00a0MELSEC\u00a0iQ-R\u00a0 Of the series \u00a0Ethernet\u00a0 Port resource exhaustion vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005243"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-827"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-1251

    Vulnerability from variot - Updated: 2024-11-23 22:57

    Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-Q Series Q12DCCPU-V all versions, Mitsubishi Electric MELSEC-Q Series Q24DHCCPU-V(G) all versions, Mitsubishi Electric MELSEC-Q Series Q24/26DHCCPU-LS all versions, Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P) the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-L series L26CPU-(P)BT the first 5 digits of serial number "24051" and prior and Mitsubishi Electric MELIPC Series MI5122-VW firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.When the product receives a packet crafted by a remote third party, the product Ethernet Communication function interferes with service operation ( DoS ) May be in a state. In addition, service operation interruption ( DoS ) It is necessary to reset the product to recover from the state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1251",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "q13udvcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-\\ bt",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q26udehcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q06udehcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q06phcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q10udehcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-bt-cm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q26udvcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q06udvcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l06cpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q100udehcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q04udvcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q20udehcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q06udpvcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q50udehcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02scpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q04udpvcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q26dhccpu-ls",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q13udpvcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-bt",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q13udehcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-pbt",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q26udpvcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q03udecpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l26cpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l06cpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q06ccpu-v",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02scpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "l02cpu-p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "q04udehcpu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "melsec iq-r \u30b7\u30ea\u30fc\u30ba",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "melsec q \u30b7\u30ea\u30fc\u30ba",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "melipc \u30b7\u30ea\u30fc\u30ba",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "melsec l \u30b7\u30ea\u30fc\u30ba",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001954"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24946"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric reported this vulnerability to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1550"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-24946",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-24946",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-24946",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-001954",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-24946",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-24946",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-1550",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-24946",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-24946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1550"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24946"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions \"16\" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. \"24061\" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU the first 5 digits of serial No. \"24061\" and prior, Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number \"24051\" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU the first 5 digits of serial number \"24051\" and prior, Mitsubishi Electric MELSEC-Q Series Q12DCCPU-V all versions, Mitsubishi Electric MELSEC-Q Series Q24DHCCPU-V(G) all versions, Mitsubishi Electric MELSEC-Q Series Q24/26DHCCPU-LS all versions, Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P) the first 5 digits of serial number \"24051\" and prior, Mitsubishi Electric MELSEC-L series L26CPU-(P)BT the first 5 digits of serial number \"24051\" and prior and Mitsubishi Electric MELIPC Series MI5122-VW firmware versions \"05\" and prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.When the product receives a packet crafted by a remote third party, the product Ethernet Communication function interferes with service operation ( DoS ) May be in a state. In addition, service operation interruption ( DoS ) It is necessary to reset the product to recover from the state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-24946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001954"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-24946"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-24946",
            "trust": 3.3
          },
          {
            "db": "JVN",
            "id": "JVNVU90895626",
            "trust": 2.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-172-01",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001954",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1550",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-24946",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-24946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1550"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24946"
          }
        ]
      },
      "id": "VAR-202206-1251",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.75
      },
      "last_update_date": "2024-11-23T22:57:38.622000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC\u00a0 and \u00a0MELIPC\u00a0 Of the series \u00a0Ethernet\u00a0 Denial of service on port (DoS) Vulnerability",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-007.pdf"
          },
          {
            "title": "Mitsubishi Electric MELSEC-Q Series Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196987"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2022-24946 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-24946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1550"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-667",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate resource lock (CWE-413) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001954"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24946"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-01"
          },
          {
            "trust": 2.5,
            "url": "https://jvn.jp/vu/jvnvu90895626/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-007_en.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24946"
          },
          {
            "trust": 0.6,
            "url": "https://jvn.jp/vu/jvnvu#90895626/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-24946/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-172-01"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/667.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2022-24946"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-24946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1550"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24946"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-24946"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1550"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-24946"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-06-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-24946"
          },
          {
            "date": "2022-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001954"
          },
          {
            "date": "2022-06-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-1550"
          },
          {
            "date": "2022-06-15T21:15:09.333000",
            "db": "NVD",
            "id": "CVE-2022-24946"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-24946"
          },
          {
            "date": "2024-05-31T03:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001954"
          },
          {
            "date": "2022-08-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-1550"
          },
          {
            "date": "2024-11-21T06:51:26.130000",
            "db": "NVD",
            "id": "CVE-2022-24946"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1550"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric \u00a0MELSEC\u00a0 and \u00a0MELIPC\u00a0 Improper resource lock vulnerability in series",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001954"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1550"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-1511

    Vulnerability from variot - Updated: 2024-11-23 22:33

    Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan's Mitsubishi Electric (Mitsubishi Electric) company.

    There are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1511",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "melsec-q",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec-l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-f",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec-fx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec iq-r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "*"
          },
          {
            "model": "melsec fx series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec iq-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec iq-r series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec l series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "melsec q series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "\u306e cpu \u30e6\u30cb\u30c3\u30c8 \u5168\u3066"
          },
          {
            "model": "electric melsec fx",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec iq-r",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec iq-f",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec q",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric melsec l",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_fx_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-f_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_l_series",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_q_series",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shunkai Zhu , Rongkuan Ma , Peng Cheng from NESC Lab of Zhejiang University",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-5594",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5594",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46802",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5594",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 10,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005854",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5594",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-005854",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46802",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1590",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-5594",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all a programmable logic controller of Japan\u0027s Mitsubishi Electric (Mitsubishi Electric) company. \n\r\n\r\nThere are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop or tamper with communication data, perform unauthorized operations, and cause denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5594",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91424496",
            "trust": 2.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-175-01",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2176",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "id": "VAR-202006-1511",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          }
        ],
        "trust": 1.3499999919999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:33:25.234000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC iQ-R\u3001iQ-F\u3001Q\u3001L\u3001FX\u30b7\u30ea\u30fc\u30ba   \u306eCPU\u30e6\u30cb\u30c3\u30c8\u3068GX Works3\u304a\u3088\u3073GX Works2\u9593\u306e\u901a\u4fe1\u306b\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u60c5\u5831\u6539\u3056\u3093\u3001\u4e0d\u6b63\u64cd\u4f5c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu91424496/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-003.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-003_en.pdf"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5594"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu91424496"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-175-01"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5594"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-005854.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2176/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "date": "2020-06-23T08:15:10.487000",
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46802"
          },
          {
            "date": "2020-07-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5594"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          },
          {
            "date": "2024-11-21T05:34:19.893000",
            "db": "NVD",
            "id": "CVE-2020-5594"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  MELSEC iQ-R , iQ-F , Q , L , FX Of the series  CPU With the unit  GX Works3 and  GX Works2 Vulnerability in plaintext communication between",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005854"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1590"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201905-1060

    Vulnerability from variot - Updated: 2024-11-23 22:21

    In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan's Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The following MELSEC-Q series PLCs are affected: QJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1060",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "qj71e71-100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "20121"
          },
          {
            "model": "qj71e71-100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "( above the serial number  5 digits  20121 previous version )"
          },
          {
            "model": "electric melsec-q series plcs j71e71-100 serial number",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "\u003c=20121"
          },
          {
            "model": "electric qj71e71-100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20121"
          },
          {
            "model": "electric qj71e71-100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "18072"
          },
          {
            "model": "electric qj71e71-100",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "20122"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "BID",
            "id": "108419"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:qj71e71-100_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Younes Dragoni and Alessandro Di Pinto of Nozomi Networks,Younes Dragoni and Alessandro Di Pinto of Nozomi Networks reported this vulnerability to Mitsubishi and NCCIC.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-10977",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-10977",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-003963",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-16527",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-142577",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-10977",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-003963",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-10977",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2019-003963",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-16527",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201905-839",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-142577",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan\u0027s Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThe following MELSEC-Q series PLCs are affected:\nQJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "BID",
            "id": "108419"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10977",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-141-02",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "108419",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93268101",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1867",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "db": "BID",
            "id": "108419"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "id": "VAR-201905-1060",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          }
        ],
        "trust": 1.575
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:21:37.107000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u304a\u554f\u3044\u5408\u308f\u305b | \u4e09\u83f1\u96fb\u6a5f FA",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/fa/support/purchase/index.html"
          },
          {
            "title": "Patch for MitsubishiElectricMELSEC-QSeriesPLCs Remote Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/163035"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-755",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "http://www.securityfocus.com/bid/108419"
          },
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-141-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10977"
          },
          {
            "trust": 0.9,
            "url": "http://www.mitsubishi-automation.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10977"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93268101/"
          },
          {
            "trust": 0.6,
            "url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-10977"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.1867/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "db": "BID",
            "id": "108419"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "db": "BID",
            "id": "108419"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "date": "2019-05-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "date": "2019-05-21T00:00:00",
            "db": "BID",
            "id": "108419"
          },
          {
            "date": "2019-05-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "date": "2019-05-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "date": "2019-05-23T14:29:07.610000",
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-16527"
          },
          {
            "date": "2020-10-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-142577"
          },
          {
            "date": "2019-05-21T00:00:00",
            "db": "BID",
            "id": "108419"
          },
          {
            "date": "2019-05-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          },
          {
            "date": "2024-11-21T04:20:16.957000",
            "db": "NVD",
            "id": "CVE-2019-10977"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  MELSEC-Q series  Ethernet Service operation interruption in the interface unit (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003963"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-839"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-1529

    Vulnerability from variot - Updated: 2024-11-23 22:20

    Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. plural Mitsubishi Electric MELSEC iQ-F A series of products contains a vulnerability related to the use of password hashes that are not strong enough.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Mitsubishi Electric Automation (China) Co., Ltd. is a wholly-owned enterprise in China invested by Mitsubishi Electric Corporation. Mainly produces mechanical appliances for power distribution (including low-voltage circuit breakers, electromagnetic switches), electrical processing products (including CNC EDM machines, wire-cut EDM machines, and laser processing machines).

    Mitsubishi MELSEC Q03UDECPU PLC has a logic flaw vulnerability, an attacker can use the vulnerability to decrypt the correct key through the encrypted password, and directly replay the message containing the key

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1529",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fx5uc-32mt\\/dss-ts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj-40mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uc-32mt\\/d",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uc-32mt\\/ds-ts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj-24mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uc-32mr\\/ds-ts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uc-32mt\\/dss",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj-24mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj-40mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj-40mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj-60mt\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj-60mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj-60mt\\/ess",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uj-24mr\\/es",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": null
          },
          {
            "model": "fx5uc-32mt/d",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx5uc-32mr/ds-ts",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx5uj-40mt/es",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx5uj-40mr/es",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx5uc",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx5uj-24mt/ess",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx5uc-32mt/dss",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx5uj-24mr/es",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx5uj-40mt/ess",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "fx5uj-24mt/es",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u4e09\u83f1\u96fb\u6a5f",
            "version": null
          },
          {
            "model": "melsec q03udecpu plc",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi electric automation",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-41726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001564"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25156"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Iliya Rogachev and Artur Akhatov of Positive Technologies reported these vulnerabilities to Mitsubishi Electric.,Anton Dorfman, Dmitry Sklyarov",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2694"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-25156",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-25156",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2022-41726",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2022-25156",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-25156",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-25156",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-25156",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-41726",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-2694",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-41726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2694"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25156"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. plural  Mitsubishi Electric MELSEC iQ-F A series of products contains a vulnerability related to the use of password hashes that are not strong enough.Information is obtained, information is tampered with, and service is disrupted  (DoS) It may be put into a state. Mitsubishi Electric Automation (China) Co., Ltd. is a wholly-owned enterprise in China invested by Mitsubishi Electric Corporation. Mainly produces mechanical appliances for power distribution (including low-voltage circuit breakers, electromagnetic switches), electrical processing products (including CNC EDM machines, wire-cut EDM machines, and laser processing machines). \n\r\n\r\nMitsubishi MELSEC Q03UDECPU PLC has a logic flaw vulnerability, an attacker can use the vulnerability to decrypt the correct key through the encrypted password, and directly replay the message containing the key",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001564"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-41726"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-25156",
            "trust": 3.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-090-04",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU96577897",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001564",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-41726",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2694",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-41726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2694"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25156"
          }
        ]
      },
      "id": "VAR-202203-1529",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-41726"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-41726"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:20:33.214000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Authentication\u00a0Bypass,\u00a0Information\u00a0Disclosure\u00a0and\u00a0Information\u00a0Tampering\u00a0Vulnerabilities\u00a0in\u00a0Multiple\u00a0FA\u00a0Products",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
          },
          {
            "title": "Patch for Mitsubishi MELSEC Q03UDECPU PLC has logic flaw vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/332961"
          },
          {
            "title": "Mitsubishi Electric MELSEC iQ-F series Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194631"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-41726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2694"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-326",
            "trust": 1.0
          },
          {
            "problemtype": "Using weak password hashes (CWE-916) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001564"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25156"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/vu/jvnvu96577897/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96577897/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25156"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-25156/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2694"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25156"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-41726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2694"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25156"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-41726"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001564"
          },
          {
            "date": "2022-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2694"
          },
          {
            "date": "2022-04-01T23:15:14.253000",
            "db": "NVD",
            "id": "CVE-2022-25156"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-41726"
          },
          {
            "date": "2022-04-20T05:21:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001564"
          },
          {
            "date": "2022-06-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2694"
          },
          {
            "date": "2024-11-21T06:51:42.703000",
            "db": "NVD",
            "id": "CVE-2022-25156"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2694"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Mitsubishi\u00a0Electric\u00a0MELSEC\u00a0iQ-F\u00a0 Insufficient password hash usage vulnerabilities in series products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001564"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2694"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-1417

    Vulnerability from variot - Updated: 2024-11-23 22:16

    Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. (DoS) It may be put into a state. Mitsubishi Electric MELQIC IU1 is a IU1 series data collection analyzer of Mitsubishi Electric Corporation of Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1417",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "iu1-1m20-d",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "1.0.7"
          },
          {
            "model": "iu1-1m20-d",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "1.0.7"
          },
          {
            "model": "electric melqic iu1",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "\u003c=1.0.7"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:iu1-1m20-d_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          }
        ]
      },
      "cve": "CVE-2020-5544",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5544",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003078",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-19568",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5544",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003078",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5544",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-003078",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19568",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-1005",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. (DoS) It may be put into a state. Mitsubishi Electric MELQIC IU1 is a IU1 series data collection analyzer of Mitsubishi Electric Corporation of Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5544",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU92370624",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "id": "VAR-202003-1417",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:16:36.325000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELQIC IU1 \u30b7\u30ea\u30fc\u30ba\u306eTCP/IP \u30b9\u30bf\u30c3\u30af\u306b\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf"
          },
          {
            "title": "Patch for Mitsubishi Electric MELQIC IU1 TCP function code issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/210995"
          },
          {
            "title": "Mitsubishi Electric MELQIC IU1 TCP Measures to fix bugs in function code problems",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112427"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://jvn.jp/en/vu/jvnvu92370624/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5544"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92370624/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5544"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "date": "2020-03-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "date": "2020-03-16T02:15:10.997000",
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "date": "2020-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003078"
          },
          {
            "date": "2020-03-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          },
          {
            "date": "2024-11-21T05:34:14.890000",
            "db": "NVD",
            "id": "CVE-2020-5544"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric MELQIC IU1 TCP function code issue vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19568"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1005"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1433

    Vulnerability from variot - Updated: 2024-11-23 22:11

    A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the current process.

    There is a code injection vulnerability in Mitsubishi Electric MC Works64 4.02C (10.95.208.31) and previous versions and MC Works32 3.00A (9.50.255.02) version, remote attackers can use the specially crafted message to exploit this vulnerability to execute arbitrary SQL commands and leak, tamper with internal data. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "electric mc works64 \u003c=4.02c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi",
            "version": "(10.95.208.31)"
          },
          {
            "_id": null,
            "model": "energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mc works64",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.208.31"
          },
          {
            "_id": null,
            "model": "mobilehmi",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "facility analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mc works32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "9.50.255.02"
          },
          {
            "_id": null,
            "model": "genesis64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "quality analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "hyper historian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "smart energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis64",
            "scope": null,
            "trust": 0.7,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)"
          },
          {
            "_id": null,
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ben McBride",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12013",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12013",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-34370",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12013",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12013",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12013",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-12013",
                "trust": 0.7,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-34370",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1207",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the current process. \n\r\n\r\nThere is a code injection vulnerability in Mitsubishi Electric MC Works64 4.02C (10.95.208.31) and previous versions and MC Works32 3.00A (9.50.255.02) version, remote attackers can use the specially crafted message to exploit this vulnerability to execute arbitrary SQL commands and leak, tamper with internal data. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12013",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-02",
            "trust": 2.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-03",
            "trust": 1.6
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207",
            "trust": 1.0
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10288",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2147",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "619034F0-2A16-43EB-8D34-F889BD91A2AF",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E2B262E1-E8A9-471A-A771-486F23CD118B",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          }
        ]
      },
      "id": "VAR-202007-1433",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          }
        ],
        "trust": 1.78927874
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af"
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:11:26.821000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "ICONICS has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/222939"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-94",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-779/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12013"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12013"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-779",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34370",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12013",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "619034f0-2a16-43eb-8d34-f889bd91a2af",
            "ident": null
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "e2b262e1-e8a9-471a-a771-486f23cd118b",
            "ident": null
          },
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-779",
            "ident": null
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34370",
            "ident": null
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1207",
            "ident": null
          },
          {
            "date": "2020-07-16T22:15:11.417000",
            "db": "NVD",
            "id": "CVE-2020-12013",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-779",
            "ident": null
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34370",
            "ident": null
          },
          {
            "date": "2021-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1207",
            "ident": null
          },
          {
            "date": "2024-11-21T04:59:06.937000",
            "db": "NVD",
            "id": "CVE-2020-12013",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "ICONICS Genesis64 TestQuery SQL Injection Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-779"
          }
        ],
        "trust": 0.7
      },
      "type": {
        "_id": null,
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1207"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-0207

    Vulnerability from variot - Updated: 2024-11-23 22:11

    A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0207",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric mc works64 \u003c=4.02c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi",
            "version": "(10.95.208.31)"
          },
          {
            "model": "energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.208.31"
          },
          {
            "model": "mobilehmi",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "facility analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "9.50.255.02"
          },
          {
            "model": "genesis64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "quality analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "hyper historian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "smart energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": null,
            "trust": 0.7,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)"
          },
          {
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tobias Scharnowski, Niklas Breitfeld, and Ali Abbasi",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12011",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12011",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2020-34373",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "2e91579b-642f-4242-83f1-d1d890cc5345",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "213f4b05-e0a3-4f65-b456-b752579d9402",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12011",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12011",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12011",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-12011",
                "trust": 0.7,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-34373",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1210",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "2e91579b-642f-4242-83f1-d1d890cc5345",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "213f4b05-e0a3-4f65-b456-b752579d9402",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64.  Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12011",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-02",
            "trust": 2.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-03",
            "trust": 1.6
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210",
            "trust": 1.0
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10274",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2147",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "2E91579B-642F-4242-83F1-D1D890CC5345",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "213F4B05-E0A3-4F65-B456-B752579D9402",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          }
        ]
      },
      "id": "VAR-202007-0207",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          }
        ],
        "trust": 1.78927874
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:11:26.786000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ICONICS has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/222929"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-778/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12011"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12011"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          },
          {
            "date": "2020-07-16T19:15:11.830000",
            "db": "NVD",
            "id": "CVE-2020-12011"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-778"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34373"
          },
          {
            "date": "2020-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          },
          {
            "date": "2024-11-21T04:59:06.677000",
            "db": "NVD",
            "id": "CVE-2020-12011"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "(Pwn2Own) ICONICS Genesis64 VariantClear Out-Of-Bounds Access Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-778"
          }
        ],
        "trust": 0.7
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "2e91579b-642f-4242-83f1-d1d890cc5345"
          },
          {
            "db": "IVD",
            "id": "213f4b05-e0a3-4f65-b456-b752579d9402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1210"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202007-0206

    Vulnerability from variot - Updated: 2024-11-23 22:11

    A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PKGX files. When parsing the WbPackAndGoSettings element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "electric mc works64 \u003c=4.02c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi",
            "version": "(10.95.208.31)"
          },
          {
            "_id": null,
            "model": "energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mc works",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.208.31"
          },
          {
            "_id": null,
            "model": "mobilehmi",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "facility analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mc works32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "9.50.255.02"
          },
          {
            "_id": null,
            "model": "genesis64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "quality analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "hyper historian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "smart energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis64",
            "scope": null,
            "trust": 0.7,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)"
          },
          {
            "_id": null,
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Team FLASHBACK: Pedro Ribeiro (pedrib@gmail.com|@pedrib1337) and Radek Domanski (@RabbitPro)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12009",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12009",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-34371",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12009",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-12009",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12009",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-12009",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-34371",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1208",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PKGX files. When parsing the WbPackAndGoSettings element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12009",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-02",
            "trust": 2.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-03",
            "trust": 1.6
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208",
            "trust": 1.0
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10272",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2147",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "D97CB3A1-CB5E-4BB3-B9B8-62A73DD1F132",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "2AEA7BB9-A918-4CCF-A751-B9794DF3809B",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          }
        ]
      },
      "id": "VAR-202007-0206",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          }
        ],
        "trust": 1.78927874
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:11:26.751000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "ICONICS has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 Code Issue Vulnerability (CNVD-2020-34371)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/222935"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-502",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 1.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-777/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12009"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12009"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-777",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34371",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12009",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132",
            "ident": null
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b",
            "ident": null
          },
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-777",
            "ident": null
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34371",
            "ident": null
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1208",
            "ident": null
          },
          {
            "date": "2020-07-16T20:15:11.057000",
            "db": "NVD",
            "id": "CVE-2020-12009",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-777",
            "ident": null
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34371",
            "ident": null
          },
          {
            "date": "2020-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1208",
            "ident": null
          },
          {
            "date": "2024-11-21T04:59:06.433000",
            "db": "NVD",
            "id": "CVE-2020-12009",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "(Pwn2Own) ICONICS Genesis64 PKGX WbPackAndGoSettings Absolute Path Traversal Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-777"
          }
        ],
        "trust": 0.7
      },
      "type": {
        "_id": null,
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "d97cb3a1-cb5e-4bb3-b9b8-62a73dd1f132"
          },
          {
            "db": "IVD",
            "id": "2aea7bb9-a918-4ccf-a751-b9794df3809b"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1208"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202007-0208

    Vulnerability from variot - Updated: 2024-11-23 22:11

    A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "electric mc works64 \u003c=4.02c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi",
            "version": "(10.95.208.31)"
          },
          {
            "_id": null,
            "model": "energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mc works",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.208.31"
          },
          {
            "_id": null,
            "model": "mobilehmi",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "facility analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mc works32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "9.50.255.02"
          },
          {
            "_id": null,
            "model": "genesis64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "quality analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "hyper historian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "smart energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "bizviz",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "energy analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "facility analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis 64",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis32",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "hyper historian",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mobilehmi",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "quality analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "smart energy analytix",
            "scope": null,
            "trust": 0.8,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "mc works",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "64"
          },
          {
            "_id": null,
            "model": "mc works 32",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "_id": null,
            "model": "genesis64",
            "scope": null,
            "trust": 0.7,
            "vendor": "iconics",
            "version": null
          },
          {
            "_id": null,
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)"
          },
          {
            "_id": null,
            "model": "electric mc works32 3.00a",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "mitsubishi",
            "version": "(9.50.255.02)*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:iconics:bizviz",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:energy_analytix",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:facility_analytix",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:genesis64",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:genesis32",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:hyper_historian",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:mobilehmi",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:quality_analytix",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:iconics:smart_energy_analytix",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:mc_works",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:mc_works32",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12015",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12015",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008308",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-34372",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "31ad87c7-757e-410a-89c6-906cc763b446",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12015",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008308",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12015",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12015",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-008308",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-12015",
                "trust": 0.7,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-34372",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1209",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "31ad87c7-757e-410a-89c6-906cc763b446",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Several Mitsubishi Electric products contain vulnerabilities related to unreliable data deserialization.Service operation interruption (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64.  Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Mitsubishi Electric MC Works64 and MC Works32 are a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12015",
            "trust": 4.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-02",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-03",
            "trust": 2.4
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209",
            "trust": 1.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95379131",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10297",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2147",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "4BDA61CA-BD50-4B09-A018-05EA35FF2332",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "31AD87C7-757E-410A-89C6-906CC763B446",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "id": "VAR-202007-0208",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          }
        ],
        "trust": 1.78927874
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:11:26.711000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://iconics.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/"
          },
          {
            "title": "ICONICS has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 and MC Works32 code issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/222933"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-502",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 2.3,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12015"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12015"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95379131/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-780/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-780",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34372",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12015",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332",
            "ident": null
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446",
            "ident": null
          },
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-780",
            "ident": null
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34372",
            "ident": null
          },
          {
            "date": "2020-09-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008308",
            "ident": null
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1209",
            "ident": null
          },
          {
            "date": "2020-07-16T22:15:11.493000",
            "db": "NVD",
            "id": "CVE-2020-12015",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-780",
            "ident": null
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34372",
            "ident": null
          },
          {
            "date": "2020-09-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008308",
            "ident": null
          },
          {
            "date": "2020-07-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1209",
            "ident": null
          },
          {
            "date": "2024-11-21T04:59:07.153000",
            "db": "NVD",
            "id": "CVE-2020-12015",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Unreliable data deserialization vulnerabilities in multiple MC products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008308"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "4bda61ca-bd50-4b09-a018-05ea35ff2332"
          },
          {
            "db": "IVD",
            "id": "31ad87c7-757e-410a-89c6-906cc763b446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1209"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202007-0205

    Vulnerability from variot - Updated: 2024-11-23 22:11

    A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0205",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric mc works64 \u003c=4.02c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishi",
            "version": "(10.95.208.31)"
          },
          {
            "model": "energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "10.95.208.31"
          },
          {
            "model": "mobilehmi",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "bizviz",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "facility analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "mc works32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "9.50.255.02"
          },
          {
            "model": "genesis64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "quality analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "hyper historian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "smart energy analytix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iconics",
            "version": null
          },
          {
            "model": "genesis64",
            "scope": null,
            "trust": 0.7,
            "vendor": "iconics",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Yehuda Anikster of Claroty Research",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-12007",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12007",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-34369",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12007",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12007",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12007",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-12007",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-34369",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1227",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12007",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12007",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-02",
            "trust": 2.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-170-03",
            "trust": 1.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227",
            "trust": 1.0
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10267",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2147",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "B28667EE-4B0F-4654-BD4F-FBB2C24C795A",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "36556B9E-B308-4C4F-A8AF-5FCE9F89C31B",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          }
        ]
      },
      "id": "VAR-202007-0205",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          }
        ],
        "trust": 1.736598425
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:11:26.672000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ICONICS has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "title": "Patch for Mitsubishi Electric MC Works64 code issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/222941"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-502",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 1.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02%2c"
          },
          {
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12007"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-776/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/iconics-genesis32-genesis64-multiple-vulnerabilities-32668"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2147/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/502.html"
          },
          {
            "trust": 0.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02,"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183626"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12007"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "date": "2020-07-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          },
          {
            "date": "2020-07-16T22:15:11.337000",
            "db": "NVD",
            "id": "CVE-2020-12007"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-776"
          },
          {
            "date": "2020-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12007"
          },
          {
            "date": "2020-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          },
          {
            "date": "2024-11-21T04:59:06.190000",
            "db": "NVD",
            "id": "CVE-2020-12007"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi Electric MC Works64 Code Issue Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-34369"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "b28667ee-4b0f-4654-bd4f-fbb2c24c795a"
          },
          {
            "db": "IVD",
            "id": "36556b9e-b308-4c4f-a8af-5fce9f89c31b"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1227"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202007-1224

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan.

    CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have authorization issue vulnerabilities. Attackers can use this vulnerability to cause TCP connection failure

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1224",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5596",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5596",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-38410",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5596",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5596",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-38410",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-305",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. \n\r\n\r\nCoreOS Y and previous versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have authorization issue vulnerabilities. Attackers can use this vulnerability to cause TCP connection failure",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5596",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "id": "VAR-202007-1224",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.706000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Multiple Mitsubishi Electric product authorization issues and vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/248851"
          },
          {
            "title": "Multiple Mitsubishi Electric Product Authorization Issue Vulnerability Fixing Measures",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123230"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-384",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-476",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-88",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5596"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "date": "2020-07-07T09:15:10.153000",
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-02-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-38410"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          },
          {
            "date": "2024-11-21T05:34:20.100000",
            "db": "NVD",
            "id": "CVE-2020-5596"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-305"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1223

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan.

    CoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1223",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5595",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5595",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-38411",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5595",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5595",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-38411",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-304",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan. \n\r\n\r\nCoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5595",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "id": "VAR-202007-1223",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.679000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Buffer overflow vulnerabilities in multiple Mitsubishi Electric products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/248901"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-476",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-384",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-88",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5595"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "date": "2020-07-07T09:15:10.057000",
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-02-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-38411"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          },
          {
            "date": "2024-11-21T05:34:20",
            "db": "NVD",
            "id": "CVE-2020-5595"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-304"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1225

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.

    CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a null pointer reference vulnerability. Attackers can use this vulnerability to cause denial of service and device crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1225",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5597",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5597",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46801",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5597",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5597",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46801",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-306",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a null pointer reference vulnerability. Attackers can use this vulnerability to cause denial of service and device crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5597",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "id": "VAR-202007-1225",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.653000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Null pointer reference vulnerabilities in multiple Mitsubishi Electric products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/231106"
          },
          {
            "title": "Multiple Mitsubishi Electric Product code issue vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123231"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-384",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-88",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5597"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "date": "2020-07-07T09:15:10.230000",
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46801"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          },
          {
            "date": "2024-11-21T05:34:20.197000",
            "db": "NVD",
            "id": "CVE-2020-5597"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-306"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1228

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.

    CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1228",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5600",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5600",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46798",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5600",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5600",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46798",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-308",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5600",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "id": "VAR-202007-1228",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.626000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Resource management errors and vulnerabilities in multiple Mitsubishi Electric products (CNVD-2020-46798)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/231124"
          },
          {
            "title": "Multiple Mitsubishi Electric Product resource management error vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124077"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-476",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-384",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-88",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5600"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "date": "2020-07-07T09:15:10.450000",
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46798"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          },
          {
            "date": "2024-11-21T05:34:20.490000",
            "db": "NVD",
            "id": "CVE-2020-5600"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-308"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1226

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.

    CoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1226",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5598",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5598",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46800",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5598",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5598",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46800",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-307",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-5598",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5598",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "id": "VAR-202007-1226",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.595000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Access control error vulnerabilities in multiple Mitsubishi Electric products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/231115"
          },
          {
            "title": "Multiple Mitsubishi Electric Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124076"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-476",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-384",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-88",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5598"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "date": "2020-07-07T09:15:10.307000",
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46800"
          },
          {
            "date": "2021-07-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5598"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          },
          {
            "date": "2024-11-21T05:34:20.297000",
            "db": "NVD",
            "id": "CVE-2020-5598"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-307"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1227

    Vulnerability from variot - Updated: 2024-11-23 22:05

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.

    CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25 and GT23 (GOT2000 series) have an injection vulnerability, which can be exploited by attackers to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1227",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "coreos",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "y"
          },
          {
            "model": "gt23 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt25 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "gt27 model",
            "scope": null,
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "electric gt27 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt25 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          },
          {
            "model": "electric gt23 model",
            "scope": null,
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt23_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt25_model",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mitsubishielectric:gt27_model",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ]
      },
      "cve": "CVE-2020-5599",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5599",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-46799",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5599",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006469",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5599",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006469",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-46799",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-309",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command (\u0027Argument Injection\u0027) vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan\u0027s Mitsubishi Electric. \n\r\n\r\nCoreOS Y and previous versions in Mitsubishi Electric GT27, GT25 and GT23 (GOT2000 series) have an injection vulnerability, which can be exploited by attackers to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5599",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU95413676",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-189-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2312",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "id": "VAR-202007-1227",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          }
        ],
        "trust": 1.54642855
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:45.546000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GOT2000\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308bTCP/IP\u30b9\u30bf\u30c3\u30af\u306e\u8907\u6570\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-005.pdf"
          },
          {
            "title": "Patch for Injection vulnerabilities in many Mitsubishi Electric products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/231121"
          },
          {
            "title": "Multiple Mitsubishi Electric Fixing measures for product injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124078"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-88",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-476",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-384",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-005_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5598"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5599"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5600"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5595"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5596"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5597"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95413676/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-006469.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2312/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5599"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "date": "2020-07-07T09:15:10.370000",
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-46799"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          },
          {
            "date": "2024-11-21T05:34:20.397000",
            "db": "NVD",
            "id": "CVE-2020-5599"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Made by Mitsubishi Electric  GOT2000 Of the series  TCP/IP Multiple vulnerabilities in functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-309"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202011-1259

    Vulnerability from variot - Updated: 2024-11-23 22:05

    Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series CPU The unit is exhausted (CWE-400) Vulnerability exists. According to the developer, the engineering tool " Web If the "whether or not server is used" setting is set to "not used", it is not affected by this vulnerability. ( The default setting is "not used" ) .. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : NEC Corporation Tomoomi Iwata Mr. A reset is required for recovery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1259",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "melsec iq-r16",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "51"
          },
          {
            "model": "melsec iq-r02",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "05"
          },
          {
            "model": "melsec iq-r01",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "05"
          },
          {
            "model": "melsec iq-r02",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "19"
          },
          {
            "model": "melsec iq-r16",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35"
          },
          {
            "model": "melsec iq-r08",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "51"
          },
          {
            "model": "melsec iq-r01",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "19"
          },
          {
            "model": "melsec iq-r04",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "51"
          },
          {
            "model": "melsec iq-r00",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "19"
          },
          {
            "model": "melsec iq-r08",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35"
          },
          {
            "model": "melsec iq-r120",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "51"
          },
          {
            "model": "melsec iq-r32",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "51"
          },
          {
            "model": "melsec iq-r120",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35"
          },
          {
            "model": "melsec iq-r04",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35"
          },
          {
            "model": "melsec iq-r32",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "35"
          },
          {
            "model": "melsec iq-r00",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mitsubishielectric",
            "version": "05"
          },
          {
            "model": "melsec iq-r series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "r00/01/02cpu \u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u30d0\u30fc\u30b8\u30e7\u30f3 \"05\" \u304b\u3089 \"19\""
          },
          {
            "model": "melsec iq-r series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "r04/08/16/32/120(en)cpu \u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u30d0\u30fc\u30b8\u30e7\u30f3 \"35\" \u304b\u3089 \"51\""
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:melsec_iq-r_series",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          }
        ]
      },
      "cve": "CVE-2020-5666",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-5666",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 5.4,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-000072",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5666",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-000072",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5666",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-000072",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202011-1002",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from \u002705\u0027 to \u002719\u0027 and R04/08/16/32/120(EN)CPU Firmware versions from \u002735\u0027 to \u002751\u0027) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Of the series CPU The unit is exhausted (CWE-400) Vulnerability exists. According to the developer, the engineering tool \" Web If the \"whether or not server is used\" setting is set to \"not used\", it is not affected by this vulnerability. ( The default setting is \"not used\" ) .. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : NEC Corporation Tomoomi Iwata Mr. A reset is required for recovery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN44764844",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-317-01",
            "trust": 2.4
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072",
            "trust": 1.4
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4044",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "id": "VAR-202011-1259",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2024-11-23T22:05:19.579000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MELSEC iQ-R \u30b7\u30ea\u30fc\u30ba CPU \u30e6\u30cb\u30c3\u30c8\u306b\u304a\u3051\u308b\u30b5\u30fc\u30d3\u30b9\u62d2\u5426 (DoS) \u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-015.pdf"
          },
          {
            "title": "Mitsubishi Electric MELSEC iQ-R series Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135734"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-317-01"
          },
          {
            "trust": 2.4,
            "url": "https://jvn.jp/jp/jvn44764844/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-015_en.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn44764844/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5666"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4044/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5666"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000072.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-12T03:28:15",
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "date": "2020-11-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "date": "2020-11-16T01:15:13.327000",
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-13T02:24:14",
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          },
          {
            "date": "2020-12-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          },
          {
            "date": "2024-11-21T05:34:26.980000",
            "db": "NVD",
            "id": "CVE-2020-5666"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MELSEC iQ-R Series sequencer  CPU Resource exhaustion vulnerability in the unit",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-000072"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-1002"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-0783

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a driver configuration file when initializing the BEMicroLogix component. When parsing the property TCP_IP_Address, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "e-designer",
            "scope": null,
            "trust": 3.5,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "_id": null,
            "model": "e-designer",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "mitsubishielectric",
            "version": "7.52"
          },
          {
            "_id": null,
            "model": "e-designer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "7.52 build 344"
          },
          {
            "_id": null,
            "model": "electric europe b.v. e-designer build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "7.52344"
          },
          {
            "_id": null,
            "model": "electric e-designer build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "7.52344"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "e designer",
            "version": "7.52"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:e-designer",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          }
        ],
        "trust": 3.5
      },
      "cve": "CVE-2017-9636",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-9636",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 3.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-9636",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-22836",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-9636",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2017-9636",
                "trust": 3.5,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-9636",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-9636",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22836",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-867",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-9636",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a driver configuration file when initializing the BEMicroLogix component. When parsing the property TCP_IP_Address, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636"
          }
        ],
        "trust": 5.85
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9636",
            "trust": 7.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-213-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "100097",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3802",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3794",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3795",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3800",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3801",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "DE3E14C2-EB4D-4863-9A11-51565DA2E669",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          }
        ]
      },
      "id": "VAR-201804-0783",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          }
        ],
        "trust": 1.675
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:00:37.020000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.mitsubishielectric.co.jp/fa/"
          },
          {
            "title": "Patch for Mitsubishi Electric Europe B.V. E-Designer Buffer Overflow Vulnerability (CNVD-2017-22836)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/100853"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 6.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/100097"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9636"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9636"
          },
          {
            "trust": 0.3,
            "url": "http://www.mrslim.com/home.asp"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-510"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-510",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-518",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-517",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-512",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-511",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22836",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9636",
            "ident": null
          },
          {
            "db": "BID",
            "id": "100097",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9636",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-510",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-518",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-517",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-512",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-511",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22836",
            "ident": null
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9636",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "BID",
            "id": "100097",
            "ident": null
          },
          {
            "date": "2018-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013250",
            "ident": null
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-867",
            "ident": null
          },
          {
            "date": "2018-04-17T14:29:00.417000",
            "db": "NVD",
            "id": "CVE-2017-9636",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-510",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-518",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-517",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-512",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-511",
            "ident": null
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22836",
            "ident": null
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9636",
            "ident": null
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "BID",
            "id": "100097",
            "ident": null
          },
          {
            "date": "2018-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013250",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-867",
            "ident": null
          },
          {
            "date": "2024-11-21T03:36:33.803000",
            "db": "NVD",
            "id": "CVE-2017-9636",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Mitsubishi E-Designer Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013250"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "de3e14c2-eb4d-4863-9a11-51565da2e669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-867"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201804-0782

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of TxStaticString sections of a mpa (project specification) file. An out-of-bounds value for the column specification will cause a user-supplied string to be written to an arbitrary memory address. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities: 1. Multiple stack-based overflow vulnerabilities. 2. Multiple heap-based overflow vulnerabilities. 3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. Mitsubishi E-Designer version 7.52 Build 344 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0782",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "e-designer",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "mitsubishielectric",
            "version": "7.52"
          },
          {
            "model": "e-designer",
            "scope": null,
            "trust": 1.4,
            "vendor": "mitsubishi electric",
            "version": null
          },
          {
            "model": "e-designer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mitsubishi electric",
            "version": "7.52 build 344"
          },
          {
            "model": "electric europe b.v. e-designer build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitsubishi",
            "version": "7.52344"
          },
          {
            "model": "electric e-designer build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mitsubishi",
            "version": "7.52344"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "e designer",
            "version": "7.52"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitsubishielectric:e-designer",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2017-9634",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-9634",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-9634",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-22837",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-9634",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2017-9634",
                "trust": 1.4,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-9634",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-9634",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-22837",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-869",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-9634",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of TxStaticString sections of a mpa (project specification) file.  An out-of-bounds value for the column specification will cause a user-supplied string to be written to an arbitrary memory address.  An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. E-Designer is an E-series programming software from Mitsubishi Electric Europe B.V. Mitsubishi Electric Europe B.V. Mitsubishi E-Designer is prone to the following vulnerabilities:\n1. Multiple stack-based overflow vulnerabilities. \n2. Multiple heap-based overflow vulnerabilities. \n3. Multiple denial-of-service overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. \nMitsubishi E-Designer version 7.52 Build 344 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634"
          }
        ],
        "trust": 3.96
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9634",
            "trust": 5.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-213-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "100097",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3804",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3759",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "3F385BD9-7C1C-4E38-AD57-7DB92192B1A5",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "id": "VAR-201804-0782",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          }
        ],
        "trust": 1.675
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:00:36.968000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.mitsubishielectric.co.jp/fa/"
          },
          {
            "title": "Mitsubishi Electric Europe B.V. E-Designer patch for out-of-bounds write vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/100852"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-01"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/100097"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9634"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9634"
          },
          {
            "trust": 0.3,
            "url": "http://www.mrslim.com/home.asp"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "db": "BID",
            "id": "100097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-25T00:00:00",
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "BID",
            "id": "100097"
          },
          {
            "date": "2018-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "date": "2018-04-17T14:29:00.353000",
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-507"
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-506"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-22837"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9634"
          },
          {
            "date": "2017-08-01T00:00:00",
            "db": "BID",
            "id": "100097"
          },
          {
            "date": "2018-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          },
          {
            "date": "2024-11-21T03:36:33.573000",
            "db": "NVD",
            "id": "CVE-2017-9634"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitsubishi E-Designer Vulnerable to out-of-bounds writing",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013249"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "3f385bd9-7c1c-4e38-ad57-7db92192b1a5"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-869"
          }
        ],
        "trust": 0.8
      }
    }