Common Weakness Enumeration

CWE-410

Allowed

Insufficient Resource Pool

Abstraction: Class · Status: Incomplete

The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.

33 vulnerabilities reference this CWE, most recent first.

CVE-2023-7033 (GCVE-0-2023-7033)

Vulnerability from cvelistv5 – Published: 2024-02-27 03:47 – Updated: 2025-01-16 04:31
VLAI
Summary
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, MELSEC iQ-R CC-Link IE TSN Master/Local Module, CC-Link IE TSN Remote I/O Module, CC-Link IE TSN Analog-Digital Converter Module, CC-Link IE TSN Digital-Analog Converter Module, CC-Link IE TSN - CC-Link IE Field Network Bridge Module, CC-Link IE TSN - AnyWireASLINK Bridge Module, CC-Link IE TSN FPGA Module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Motion Module, MELSEC iQ-L Motion Module, MELSEC iQ-F FX5 Motion Module, MELSEC iQ-F Series CPU module, MELSEC iQ-F Series Ethernet module, MELSEC iQ-F Series Ethernet/IP module, MELSEC iQ-F Series OPC UA Module, MELSEC iQ-F Series CC-Link IE TSN master/local module, GOT2000 Series CC-Link IE TSN Communication Unit, FR-A800-E series inverters, FR-F800-E series inverters, FR-E800-E series inverters, INVERTER CC-Link IE TSN Plug-in option, INVERTER CC-Link IE TSN Safety Plug-in option, INVERTER CC-Link IE TSN communication function built-in type, MR-J5 series AC Servos MELSERVO, MR-JET series AC Servos MELSERVO, MR-MD333G series AC Servos MELSERVO, MR-JE series AC Servos MELSERVO, MELSERVO-J4 AC Servos MELSERVO and Embedded Type Servo System Controller allow a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-410 - Insufficient Resource Pool
Assigner
Impacted products
Vendor Product Version
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R00CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R01CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R02CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R04CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R08CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R16CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R32CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R120CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R04ENCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R08ENCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R16ENCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R32ENCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R120ENCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R08SFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R16SFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R32SFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R120SFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R08PCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R16PCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R32PCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R120PCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R08PSFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R16PSFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R32PSFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R series CPU module R120PSFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-L series CPU module L04HCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-L series CPU module L08HCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-L series CPU module L16HCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-L series CPU module L32HCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Ethernet Interface Module RJ71EN71 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R CC-Link IE TSN Master/Local Module RJ71GN11-T2 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R CC-Link IE TSN Master/Local Module RJ71GN11-SX Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R CC-Link IE TSN Master/Local Module RJ71GN11-EIP Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2B1-32D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2B1-32T Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2B1-32TE Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2B1-32DT Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2B1-32DTE Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2B1-16D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2B1-16T Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2B1-16TE Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2S1-32D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2S1-32T Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2S1-32TE Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2S1-32DT Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2S1-32DTE Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2S1-16D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2S1-16T Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN2S1-16TE Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GNCF1-32D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GNCF1-32T Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GNCE3-32D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GNCE3-32DT Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN12A4-16D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN12A4-16DE Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN12A2-16T Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN12A2-16TE Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN12A42-16DT Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O Module NZ2GN12A42-16DTE Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Analog-Digital Converter Module NZ2GN2S-60AD4 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Analog-Digital Converter Module NZ2GN2B-60AD4 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Digital-Analog Converter Module NZ2GN2S-60DA4 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Digital-Analog Converter Module NZ2GN2B-60DA4 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN - CC-Link IE Field Network Bridge Module NZ2GN-GFB Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN - AnyWireASLINK Bridge Module NZ2AW1GNAL Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN FPGA Module NZ2GN2S-D41P01 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN FPGA Module NZ2GN2S-D41D01 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN FPGA Module NZ2GN2S-D41PD02 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-300 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-60 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Motion Module RD78G4 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Motion Module RD78G8 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Motion Module RD78G16 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Motion Module RD78G32 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Motion Module RD78G64 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Motion Module RD78GHV Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Motion Module RD78GHW Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-L Motion Module LD78G4 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-L Motion Module LD78G16 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F FX5 Motion Module FX5-40SSC-G Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F FX5 Motion Module FX5-80SSC-G Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-32MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-64MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-80MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-32MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-64MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-80MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-32MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-64MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-80MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-32MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-64MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-80MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-32MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-64MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-80MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-32MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-64MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5U-80MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UC-32MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UC-64MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UC-96MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UC-32MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UC-64MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UC-96MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UC-32MT/DS-TS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UC-32MT/DSS-TS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UC-32MR/DS-TS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-24MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-40MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-60MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-24MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-40MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-60MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-24MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-40MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-60MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-24MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-40MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-60MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-24MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-40MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-60MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-24MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-40MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-60MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-24MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-40MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-60MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-24MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-40MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5UJ-60MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-30MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-40MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-60MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-80MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-30MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-40MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-60MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-80MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-30MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-40MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-60MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module FX5S-80MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series Ethernet module FX5-ENET Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series Ethernet/IP module FX5-ENET/IP Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series OPC UA Module FX5-OPC Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series CC-Link IE TSN master/local module FX5-CCLGN-MS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation GOT2000 Series CC-Link IE TSN Communication Unit GT25-J71GN13-T2 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation FR-A800-E series inverters FR-A800-E series Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation FR-F800-E series inverters FR-F800-E series Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation FR-E800-E series inverters FR-E800-E series Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation INVERTER CC-Link IE TSN Plug-in option FR-A8NCG Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation INVERTER CC-Link IE TSN Safety Plug-in option FR-A8NCG-S Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation INVERTER CC-Link IE TSN communication function built-in type FR-A800-GN Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MR-J5 series AC Servos MELSERVO MR-J5-A series Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MR-J5 series AC Servos MELSERVO MR-J5-G series Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MR-J5 series AC Servos MELSERVO MR-J5W-G series Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MR-J5 series AC Servos MELSERVO MR-J5D-G series Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MR-JET series AC Servos MELSERVO MR-JET-G series Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MR-MD333G series AC Servos MELSERVO MR-MD333G series Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MR-JE series AC Servos MELSERVO MR-JE-C series Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSERVO-J4 AC Servos MELSERVO MR-J4-GF series Affected: versions A4 or later
Create a notification for this product.
Mitsubishi Electric Corporation Embedded Type Servo System Controller MR-EM441G series Affected: all versions
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7033",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T15:54:01.953744Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:01.182Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:50:07.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-023_en.pdf"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU96145466/index.html"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R00CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R01CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R02CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R04CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R08CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R16CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R32CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R120CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R04ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R08ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R16ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R32ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R120ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R08SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R16SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R32SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R120SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R08PCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R16PCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R32PCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R120PCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R08PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R16PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R32PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series CPU module R120PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-L series CPU module L04HCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-L series CPU module L08HCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-L series CPU module L16HCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-L series CPU module L32HCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Ethernet Interface Module RJ71EN71",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R CC-Link IE TSN Master/Local Module RJ71GN11-T2",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R CC-Link IE TSN Master/Local Module RJ71GN11-SX",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R CC-Link IE TSN Master/Local Module RJ71GN11-EIP",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2B1-32D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2B1-32T",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2B1-32TE",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2B1-32DT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2B1-32DTE",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2B1-16D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2B1-16T",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2B1-16TE",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2S1-32D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2S1-32T",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2S1-32TE",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2S1-32DT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2S1-32DTE",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2S1-16D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2S1-16T",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN2S1-16TE",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GNCF1-32D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GNCF1-32T",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GNCE3-32D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GNCE3-32DT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN12A4-16D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN12A4-16DE",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN12A2-16T",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN12A2-16TE",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN12A42-16DT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote I/O Module NZ2GN12A42-16DTE",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Analog-Digital Converter Module NZ2GN2S-60AD4",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Analog-Digital Converter Module NZ2GN2B-60AD4",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Digital-Analog Converter Module NZ2GN2S-60DA4",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Digital-Analog Converter Module NZ2GN2B-60DA4",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN - CC-Link IE Field Network Bridge Module NZ2GN-GFB",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN - AnyWireASLINK Bridge Module NZ2AW1GNAL",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN FPGA Module NZ2GN2S-D41P01",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN FPGA Module NZ2GN2S-D41D01",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN FPGA Module NZ2GN2S-D41PD02",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-300",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-60",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Motion Module RD78G4",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Motion Module RD78G8",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Motion Module RD78G16",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Motion Module RD78G32",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Motion Module RD78G64",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Motion Module RD78GHV",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Motion Module RD78GHW",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-L Motion Module LD78G4",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-L Motion Module LD78G16",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F FX5 Motion Module FX5-40SSC-G",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F FX5 Motion Module FX5-80SSC-G",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-32MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-64MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-80MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-32MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-64MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-80MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-32MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-64MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-80MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-32MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-64MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-80MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-32MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-64MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-80MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5U-80MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UC-32MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UC-64MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UC-96MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UC-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UC-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UC-96MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UC-32MT/DS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UC-32MT/DSS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UC-32MR/DS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-24MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-60MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-24MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-60MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-24MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-40MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-60MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-24MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-40MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-60MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-24MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-60MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-24MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-40MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-60MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-24MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-40MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-60MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-24MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-40MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5UJ-60MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-30MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-60MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-80MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-30MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-60MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-80MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-30MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-60MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CPU module FX5S-80MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series Ethernet module FX5-ENET",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series Ethernet/IP module FX5-ENET/IP",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series OPC UA Module FX5-OPC",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series CC-Link IE TSN master/local module FX5-CCLGN-MS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GOT2000 Series CC-Link IE TSN Communication Unit GT25-J71GN13-T2",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FR-A800-E series inverters FR-A800-E series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FR-F800-E series inverters FR-F800-E series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FR-E800-E series inverters FR-E800-E series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "INVERTER CC-Link IE TSN Plug-in option FR-A8NCG",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "INVERTER CC-Link IE TSN Safety Plug-in option FR-A8NCG-S",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "INVERTER CC-Link IE TSN communication function built-in type FR-A800-GN",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MR-J5 series AC Servos MELSERVO MR-J5-A series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MR-J5 series AC Servos MELSERVO MR-J5-G series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MR-J5 series AC Servos MELSERVO MR-J5W-G series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MR-J5 series AC Servos MELSERVO MR-J5D-G series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MR-JET series AC Servos MELSERVO MR-JET-G series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MR-MD333G series AC Servos MELSERVO MR-MD333G series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MR-JE series AC Servos MELSERVO MR-JE-C series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSERVO-J4 AC Servos MELSERVO MR-J4-GF series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions A4 or later"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Embedded Type Servo System Controller MR-EM441G series",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, MELSEC iQ-R CC-Link IE TSN Master/Local Module, CC-Link IE TSN Remote I/O Module, CC-Link IE TSN Analog-Digital Converter Module, CC-Link IE TSN Digital-Analog Converter Module, CC-Link IE TSN - CC-Link IE Field Network Bridge Module, CC-Link IE TSN - AnyWireASLINK Bridge Module, CC-Link IE TSN FPGA Module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Motion Module, MELSEC iQ-L Motion Module, MELSEC iQ-F FX5 Motion Module, MELSEC iQ-F Series CPU module, MELSEC iQ-F Series Ethernet module, MELSEC iQ-F Series Ethernet/IP module, MELSEC iQ-F Series OPC UA Module, MELSEC iQ-F Series CC-Link IE TSN master/local module, GOT2000 Series CC-Link IE TSN Communication Unit, FR-A800-E series inverters, FR-F800-E series inverters, FR-E800-E series inverters, INVERTER CC-Link IE TSN Plug-in option, INVERTER CC-Link IE TSN Safety Plug-in option, INVERTER CC-Link IE TSN communication function built-in type, MR-J5 series AC Servos MELSERVO, MR-JET series AC Servos MELSERVO, MR-MD333G series AC Servos MELSERVO, MR-JE series AC Servos MELSERVO, MELSERVO-J4 AC Servos MELSERVO and Embedded Type Servo System Controller allow a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack."
            }
          ],
          "value": "Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, MELSEC iQ-R CC-Link IE TSN Master/Local Module, CC-Link IE TSN Remote I/O Module, CC-Link IE TSN Analog-Digital Converter Module, CC-Link IE TSN Digital-Analog Converter Module, CC-Link IE TSN - CC-Link IE Field Network Bridge Module, CC-Link IE TSN - AnyWireASLINK Bridge Module, CC-Link IE TSN FPGA Module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Motion Module, MELSEC iQ-L Motion Module, MELSEC iQ-F FX5 Motion Module, MELSEC iQ-F Series CPU module, MELSEC iQ-F Series Ethernet module, MELSEC iQ-F Series Ethernet/IP module, MELSEC iQ-F Series OPC UA Module, MELSEC iQ-F Series CC-Link IE TSN master/local module, GOT2000 Series CC-Link IE TSN Communication Unit, FR-A800-E series inverters, FR-F800-E series inverters, FR-E800-E series inverters, INVERTER CC-Link IE TSN Plug-in option, INVERTER CC-Link IE TSN Safety Plug-in option, INVERTER CC-Link IE TSN communication function built-in type, MR-J5 series AC Servos MELSERVO, MR-JET series AC Servos MELSERVO, MR-MD333G series AC Servos MELSERVO, MR-JE series AC Servos MELSERVO, MELSERVO-J4 AC Servos MELSERVO and Embedded Type Servo System Controller allow a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-410",
              "description": "CWE-410 Insufficient Resource Pool",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-16T04:31:21.198Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-023_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU96145466/index.html"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2023-7033",
    "datePublished": "2024-02-27T03:47:04.725Z",
    "dateReserved": "2023-12-21T01:41:37.913Z",
    "dateUpdated": "2025-01-16T04:31:21.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-46679 (GCVE-0-2022-46679)

Vulnerability from cvelistv5 – Published: 2023-02-01 05:33 – Updated: 2025-03-26 18:53
VLAI
Summary
Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-410 - Insufficient Resource Pool
Assigner
References
Impacted products
Vendor Product Version
Dell PowerScale OneFS Affected: 8.2.x;9.0.0.x , ≤ 9.4.0.x (custom)
Create a notification for this product.
Date Public
2022-12-22 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:39:38.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000206927/dsa-2022-323-dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-46679",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-26T18:53:12.012327Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-26T18:53:18.852Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerScale OneFS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "9.4.0.x",
              "status": "affected",
              "version": "8.2.x;9.0.0.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-12-22T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "\nDell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-410",
              "description": "CWE-410: Insufficient Resource Pool",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-01T05:33:26.974Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000206927/dsa-2022-323-dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-46679",
    "datePublished": "2023-02-01T05:33:26.974Z",
    "dateReserved": "2022-12-06T21:50:27.435Z",
    "dateUpdated": "2025-03-26T18:53:18.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-40224 (GCVE-0-2022-40224)

Vulnerability from cvelistv5 – Published: 2023-02-07 16:52 – Updated: 2025-03-05 19:27
VLAI
Summary
A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-410 - Insufficient Resource Pool
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:14:40.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1618"
          },
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1618",
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1618"
          },
          {
            "name": "https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40224",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:43:09.372564Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T19:27:11.797Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SDS-3008 Series Industrial Ethernet Switch",
          "vendor": "Moxa",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-410",
              "description": "CWE-410: Insufficient Resource Pool",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-07T16:52:03.607Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1618",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1618"
        },
        {
          "name": "https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities",
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-40224",
    "datePublished": "2023-02-07T16:52:03.607Z",
    "dateReserved": "2022-09-21T17:34:10.101Z",
    "dateUpdated": "2025-03-05T19:27:11.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-22191 (GCVE-0-2022-22191)

Vulnerability from cvelistv5 – Published: 2022-04-14 15:50 – Updated: 2024-09-16 18:08
VLAI
Title
Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic
Summary
A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2.
CWE
  • CWE-410 - Insufficient Resource Pool
  • Denial of Service (DoS)
Assigner
References
URL Tags
https://kb.juniper.net/JSA69502 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: unspecified , < 15.1R7-S12 (custom)
Affected: 18.4 , < 18.4R2-S10, 18.4R3-S11 (custom)
Affected: 19.1 , < 19.1R3-S8 (custom)
Affected: 19.2 , < 19.2R1-S9, 19.2R3-S4 (custom)
Affected: 19.3 , < 19.3R3-S5 (custom)
Affected: 19.4 , < 19.4R2-S6, 19.4R3-S7 (custom)
Affected: 20.1 , < 20.1R3-S3 (custom)
Affected: 20.2 , < 20.2R3-S3 (custom)
Affected: 20.3 , < 20.3R3-S2 (custom)
Affected: 20.4 , < 20.4R3-S1 (custom)
Affected: 21.1 , < 21.1R3 (custom)
Affected: 21.2 , < 21.2R2-S1, 21.2R3 (custom)
Affected: 21.3 , < 21.3R1-S2, 21.3R2 (custom)
Create a notification for this product.
Date Public
2022-04-13 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:49.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA69502"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "EX4300"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1R7-S12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R2-S10, 18.4R3-S11",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R3-S8",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S9, 19.2R3-S4",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R3-S5",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R2-S6, 19.4R3-S7",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R3-S3",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S3",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R3-S2",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R3-S1",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R3",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2R2-S1, 21.2R3",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R1-S2, 21.3R2",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-04-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-410",
              "description": "CWE-410 Insufficient Resource Pool",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-14T15:50:52.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA69502"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1R7-S12, 18.4R2-S10, 18.4R3-S11, 19.1R3-S8, 19.2R1-S9, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R2-S1, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA69502",
        "defect": [
          "1613275"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2022-04-13T16:00:00.000Z",
          "ID": "CVE-2022-22191",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_value": "15.1R7-S12"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R2-S10, 18.4R3-S11"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R3-S8"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S9, 19.2R3-S4"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R3-S5"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R2-S6, 19.4R3-S7"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R3-S3"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R3-S3"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R3-S2"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "20.4",
                            "version_value": "20.4R3-S1"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "21.1",
                            "version_value": "21.1R3"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "21.2",
                            "version_value": "21.2R2-S1, 21.2R3"
                          },
                          {
                            "platform": "EX4300",
                            "version_affected": "\u003c",
                            "version_name": "21.3",
                            "version_value": "21.3R1-S2, 21.3R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-410 Insufficient Resource Pool"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA69502",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA69502"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1R7-S12, 18.4R2-S10, 18.4R3-S11, 19.1R3-S8, 19.2R1-S9, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R2-S1, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA69502",
          "defect": [
            "1613275"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2022-22191",
    "datePublished": "2022-04-14T15:50:52.290Z",
    "dateReserved": "2021-12-21T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:08:39.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-20937 (GCVE-0-2022-20937)

Vulnerability from cvelistv5 – Published: 2022-11-03 19:31 – Updated: 2024-08-03 02:31
VLAI
Summary
A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability.
CWE
  • CWE-410 - Insufficient Resource Pool
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Identity Services Engine Software Affected: 2.6.0
Affected: 2.6.0 p1
Affected: 2.6.0 p2
Affected: 2.6.0 p3
Affected: 2.6.0 p5
Affected: 2.6.0 p6
Affected: 2.6.0 p7
Affected: 2.6.0 p8
Affected: 2.6.0 p9
Affected: 2.6.0 p10
Affected: 2.6.0 p11
Affected: 2.6.0 p12
Affected: 2.7.0
Affected: 2.7.0 p1
Affected: 2.7.0 p2
Affected: 2.7.0 p3
Affected: 2.7.0 p4
Affected: 2.7.0 p5
Affected: 2.7.0 p6
Affected: 2.7.0 p7
Affected: 3.0.0
Affected: 3.0.0 p1
Affected: 3.0.0 p2
Affected: 3.0.0 p3
Affected: 3.0.0 p4
Affected: 3.0.0 p5
Affected: 3.1.0
Affected: 3.1.0 p1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:31:58.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-ise-sec-atk-dos-zw5RCUYp",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.0"
            },
            {
              "status": "affected",
              "version": "2.6.0 p1"
            },
            {
              "status": "affected",
              "version": "2.6.0 p2"
            },
            {
              "status": "affected",
              "version": "2.6.0 p3"
            },
            {
              "status": "affected",
              "version": "2.6.0 p5"
            },
            {
              "status": "affected",
              "version": "2.6.0 p6"
            },
            {
              "status": "affected",
              "version": "2.6.0 p7"
            },
            {
              "status": "affected",
              "version": "2.6.0 p8"
            },
            {
              "status": "affected",
              "version": "2.6.0 p9"
            },
            {
              "status": "affected",
              "version": "2.6.0 p10"
            },
            {
              "status": "affected",
              "version": "2.6.0 p11"
            },
            {
              "status": "affected",
              "version": "2.6.0 p12"
            },
            {
              "status": "affected",
              "version": "2.7.0"
            },
            {
              "status": "affected",
              "version": "2.7.0 p1"
            },
            {
              "status": "affected",
              "version": "2.7.0 p2"
            },
            {
              "status": "affected",
              "version": "2.7.0 p3"
            },
            {
              "status": "affected",
              "version": "2.7.0 p4"
            },
            {
              "status": "affected",
              "version": "2.7.0 p5"
            },
            {
              "status": "affected",
              "version": "2.7.0 p6"
            },
            {
              "status": "affected",
              "version": "2.7.0 p7"
            },
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "3.0.0 p1"
            },
            {
              "status": "affected",
              "version": "3.0.0 p2"
            },
            {
              "status": "affected",
              "version": "3.0.0 p3"
            },
            {
              "status": "affected",
              "version": "3.0.0 p4"
            },
            {
              "status": "affected",
              "version": "3.0.0 p5"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.1.0 p1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device.\r\n\r This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications.\r\n\r   There are workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-410",
              "description": "Insufficient Resource Pool",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:17.112Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ise-sec-atk-dos-zw5RCUYp",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ise-sec-atk-dos-zw5RCUYp",
        "defects": [
          "CSCvz99311"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20937",
    "datePublished": "2022-11-03T19:31:40.471Z",
    "dateReserved": "2021-11-02T13:28:29.192Z",
    "dateUpdated": "2024-08-03T02:31:58.639Z",
    "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2048 (GCVE-0-2022-2048)

Vulnerability from cvelistv5 – Published: 2022-07-07 20:35 – Updated: 2024-08-03 00:24
VLAI
Summary
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
Assigner
References
Impacted products
Vendor Product Version
The Eclipse Foundation Eclipse Jetty Affected: 9.4.0 , < unspecified (custom)
Affected: unspecified , ≤ 9.4.46 (custom)
Affected: 10.0.0 , < unspecified (custom)
Affected: unspecified , ≤ 10.0.9 (custom)
Affected: 11.0.0 , < unspecified (custom)
Affected: unspecified , ≤ 11.0.9 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:43.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
          },
          {
            "name": "DSA-5198",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5198"
          },
          {
            "name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
          },
          {
            "name": "[oss-security] 20220909 Vulnerability in Jenkins",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Jetty",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.4.46",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "11.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-410",
              "description": "CWE-410",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-664",
              "description": "CWE-664",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-09T14:06:11.000Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
        },
        {
          "name": "DSA-5198",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5198"
        },
        {
          "name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
        },
        {
          "name": "[oss-security] 20220909 Vulnerability in Jenkins",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2022-2048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Jetty",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.4.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.4.46"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "10.0.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "10.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "11.0.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "11.0.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-410"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-664"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
              "refsource": "CONFIRM",
              "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
            },
            {
              "name": "DSA-5198",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5198"
            },
            {
              "name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220901-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
            },
            {
              "name": "[oss-security] 20220909 Vulnerability in Jenkins",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2022-2048",
    "datePublished": "2022-07-07T20:35:09.000Z",
    "dateReserved": "2022-06-09T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:43.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-1615 (GCVE-0-2021-1615)

Vulnerability from cvelistv5 – Published: 2021-09-23 02:30 – Updated: 2024-11-07 21:51
VLAI
Title
Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability
Summary
A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2021-09-22 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:10.808Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210922 Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1615",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:47:23.605565Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T21:51:48.650Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-09-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-410",
              "description": "CWE-410",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-23T02:30:45.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210922 Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxe-ewc-dos-g6JruHRT",
        "defect": [
          [
            "CSCvy04449"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-09-22T16:00:00",
          "ID": "CVE-2021-1615",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS XE Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-410"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210922 Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-iosxe-ewc-dos-g6JruHRT",
          "defect": [
            [
              "CSCvy04449"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1615",
    "datePublished": "2021-09-23T02:30:45.294Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-07T21:51:48.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-13921 (GCVE-0-2019-13921)

Vulnerability from cvelistv5 – Published: 2019-10-10 13:49 – Updated: 2024-08-05 00:05
VLAI
Summary
A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software.
Severity
No CVSS data available.
CWE
  • CWE-410 - Insufficient Resource Pool
Assigner
References
Impacted products
Vendor Product Version
Siemens AG SIMATIC WinAC RTX (F) 2010 Affected: All versions < SP3 Update 1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:05:44.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC WinAC RTX (F) 2010",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c SP3 Update 1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions \u003c SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-410",
              "description": "CWE-410: Insufficient Resource Pool",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-16T15:35:24.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2019-13921",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC WinAC RTX (F) 2010",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c SP3 Update 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions \u003c SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-410: Insufficient Resource Pool"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-13921",
    "datePublished": "2019-10-10T13:49:24.000Z",
    "dateReserved": "2019-07-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:05:44.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-0056 (GCVE-0-2019-0056)

Vulnerability from cvelistv5 – Published: 2019-10-09 19:26 – Updated: 2024-09-16 18:29
VLAI
Title
Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device.
Summary
This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE's on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.
CWE
  • CWE-410 - Insufficient Resource Pool
Assigner
References
URL Tags
https://kb.juniper.net/JSA10954 x_refsource_MISC
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 18.1 , < 18.1R2-S4, 18.1R3-S5 (custom)
Affected: 18.2 , < 18.2R1-S5, 18.2R2-S3, 18.2R3 (custom)
Affected: 18.2X75 , < 18.2X75-D50 (custom)
Affected: 18.3 , < 18.3R1-S4, 18.3R2, 18.3R3 (custom)
Affected: 18.4 , < 18.4R1-S2, 18.4R2 (custom)
Affected: 18.1X75-D10 , < 18.1X75* (custom)
Create a notification for this product.
Date Public
2019-10-09 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:37:07.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10954"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "MX480, MX960, MX2008, MX2010, MX2020"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "18.1R2-S4, 18.1R3-S5",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R1-S5, 18.2R2-S3, 18.2R3",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2X75-D50",
              "status": "affected",
              "version": "18.2X75",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R1-S4, 18.3R2, 18.3R3",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R1-S2, 18.4R2",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1X75*",
              "status": "affected",
              "version": "18.1X75-D10",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "OSPF configuration examples can be found at https://www.juniper.net/documentation/en_US/junos/topics/topic-map/ospf-configuring-interfaces.html#jd0e229"
        },
        {
          "lang": "en",
          "value": "You can issue show chassis at the device to determine if there are multiple MCP10\u0027s in your system. For example:\n  root@device\u003e show chassis fpc pic-status\n  Slot 1   Online       MPC10E 3D MRATE-15xQSFPP\n  PIC 0 Online       MRATE-5xQSFPP\n  PIC 1 Online       MRATE-5xQSFPP\n  PIC 2 Online       MRATE-5xQSFPP\n  Slot 2   Online       MPC10E 3D MRATE-15xQSFPP\n  PIC 0 Online       MRATE-5xQSFPP\n  PIC 1 Online       MRATE-5xQSFPP\n  PIC 2 Online       MRATE-5xQSFPP\n  Slot 3   Online       MPC10E 3D MRATE-15xQSFPP\n  PIC 0 Online       MRATE-5xQSFPP\n  PIC 1 Online       MRATE-5xQSFPP\n  PIC 2 Online       MRATE-5xQSFPP"
        }
      ],
      "datePublic": "2019-10-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "This issue only affects devices with three (3) or more MPC10\u0027s installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device\u0027s Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE\u0027s on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-410",
              "description": "CWE-410 Insufficient Resource Pool",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T19:26:17.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.juniper.net/JSA10954"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 18.1R2-S4, 18.1R3-S5, 18.2R1-S5, 18.2R2-S3, 18.2R3, 18.2X75-D50, 18.3R1-S4, 18.3R2, 18.3R3, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA10954",
        "defect": [
          "1418955"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device.",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2019-10-09T16:00:00.000Z",
          "ID": "CVE-2019-0056",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "MX480, MX960, MX2008, MX2010, MX2020",
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R2-S4, 18.1R3-S5"
                          },
                          {
                            "platform": "MX480, MX960, MX2008, MX2010, MX2020",
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R1-S5, 18.2R2-S3, 18.2R3"
                          },
                          {
                            "platform": "MX480, MX960, MX2008, MX2010, MX2020",
                            "version_affected": "\u003c",
                            "version_name": "18.2X75",
                            "version_value": "18.2X75-D50"
                          },
                          {
                            "platform": "MX480, MX960, MX2008, MX2010, MX2020",
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R1-S4, 18.3R2, 18.3R3"
                          },
                          {
                            "platform": "MX480, MX960, MX2008, MX2010, MX2020",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R1-S2, 18.4R2"
                          },
                          {
                            "platform": "MX480, MX960, MX2008, MX2010, MX2020",
                            "version_affected": "\u003e=",
                            "version_name": "18.1X75",
                            "version_value": "18.1X75-D10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "OSPF configuration examples can be found at https://www.juniper.net/documentation/en_US/junos/topics/topic-map/ospf-configuring-interfaces.html#jd0e229"
          },
          {
            "lang": "en",
            "value": "You can issue show chassis at the device to determine if there are multiple MCP10\u0027s in your system. For example:\n  root@device\u003e show chassis fpc pic-status\n  Slot 1   Online       MPC10E 3D MRATE-15xQSFPP\n  PIC 0 Online       MRATE-5xQSFPP\n  PIC 1 Online       MRATE-5xQSFPP\n  PIC 2 Online       MRATE-5xQSFPP\n  Slot 2   Online       MPC10E 3D MRATE-15xQSFPP\n  PIC 0 Online       MRATE-5xQSFPP\n  PIC 1 Online       MRATE-5xQSFPP\n  PIC 2 Online       MRATE-5xQSFPP\n  Slot 3   Online       MPC10E 3D MRATE-15xQSFPP\n  PIC 0 Online       MRATE-5xQSFPP\n  PIC 1 Online       MRATE-5xQSFPP\n  PIC 2 Online       MRATE-5xQSFPP"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This issue only affects devices with three (3) or more MPC10\u0027s installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device\u0027s Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE\u0027s on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-410 Insufficient Resource Pool"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10954",
              "refsource": "MISC",
              "url": "https://kb.juniper.net/JSA10954"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 18.1R2-S4, 18.1R3-S5, 18.2R1-S5, 18.2R2-S3, 18.2R3, 18.2X75-D50, 18.3R1-S4, 18.3R2, 18.3R3, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA10954",
          "defect": [
            "1418955"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2019-0056",
    "datePublished": "2019-10-09T19:26:17.416Z",
    "dateReserved": "2018-10-11T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:29:55.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-13815 (GCVE-0-2018-13815)

Vulnerability from cvelistv5 – Published: 2018-12-13 16:00 – Updated: 2024-08-05 09:14
VLAI
Summary
A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.
Severity
No CVSS data available.
CWE
  • CWE-410 - Insufficient Resource Pool
Assigner
References
Impacted products
Vendor Product Version
Siemens AG SIMATIC S7-1200, SIMATIC S7-1500 Affected: SIMATIC S7-1200 : All versions
Affected: SIMATIC S7-1500 : All Versions < V2.6
Create a notification for this product.
Date Public
2018-12-13 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:14:47.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105928",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105928"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC S7-1200, SIMATIC S7-1500",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "SIMATIC S7-1200 : All versions"
            },
            {
              "status": "affected",
              "version": "SIMATIC S7-1500 : All Versions \u003c V2.6"
            }
          ]
        }
      ],
      "datePublic": "2018-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions \u003c V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-410",
              "description": "CWE-410: Insufficient Resource Pool",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-14T10:57:02.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "105928",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105928"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2018-13815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC S7-1200, SIMATIC S7-1500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SIMATIC S7-1200 : All versions"
                          },
                          {
                            "version_value": "SIMATIC S7-1500 : All Versions \u003c V2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions \u003c V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-410: Insufficient Resource Pool"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105928",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105928"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-13815",
    "datePublished": "2018-12-13T16:00:00.000Z",
    "dateReserved": "2018-07-10T00:00:00.000Z",
    "dateUpdated": "2024-08-05T09:14:47.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests.

Mitigation
Architecture and Design

Consider implementing a velocity check mechanism which would detect abusive behavior.

Mitigation
Operation

Consider load balancing as an option to handle heavy loads.

Mitigation
Implementation

Make sure that resource handles are properly closed when no longer needed.

Mitigation
Architecture and Design

Identify the system's resource intensive operations and consider protecting them from abuse (e.g. malicious automated script which runs the resources out).

No CAPEC attack patterns related to this CWE.