Vulnerabilites related to Mitsubishi Electric Corporation - MELSEC-Q Series Q04UDVCPU
CVE-2025-8531 (GCVE-0-2025-8531)
Vulnerability from cvelistv5
Published
2025-09-19 09:30
Modified
2025-09-24 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Summary
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. "24082" to "27081" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People's Republic of China, and is normally disabled.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-013_en.pdf | vendor-advisory | |
| https://jvn.jp/vu/JVNVU97846038/ | government-resource | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-02 | government-resource |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric Corporation | MELSEC-Q Series Q03UDVCPU |
Version: The first 5 digits of serial No. "24082" to "27081" |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T11:46:02.489151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T11:46:19.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24082\" to \"27081\""
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24082\" to \"27081\""
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24082\" to \"27081\""
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24082\" to \"27081\""
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24082\" to \"27081\""
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24082\" to \"27081\""
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24082\" to \"27081\""
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24082\" to \"27081\""
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24082\" to \"27081\""
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \"24082\" to \"27081\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People\u0027s Republic of China, and is normally disabled."
}
],
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. \"24082\" to \"27081\" allows a remote attacker to cause an integer underflow by sending specially crafted packets to the affected product to stop Ethernet communication and the execution of control programs on the product, when the user authentication function is enabled. The user authentication function is enabled by default only when settings are configured by GX Works2, which complies with the Cybersecurity Law of the People\u0027s Republic of China, and is normally disabled."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial-of-Service (DoS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T05:39:19.865Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-013_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU97846038/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2025-8531",
"datePublished": "2025-09-19T09:30:21.832Z",
"dateReserved": "2025-08-04T08:24:14.341Z",
"dateUpdated": "2025-09-24T05:39:19.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0803 (GCVE-0-2024-0803)
Vulnerability from cvelistv5
Published
2024-03-14 23:59
Modified
2024-08-27 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf | vendor-advisory | |
| https://jvn.jp/vu/JVNVU99690199/ | government-resource | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14 | government-resource |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric Corporation | MELSEC-Q Series Q03UDECPU |
Version: The first 5 digits of serial No. "26061" and prior |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q03udecpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q04udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q06udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q10udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q13udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q20udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q26udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q50udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q100udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q03udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q04udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l26cpu-bt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-pbt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T16:35:33.077868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:56:00.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDECPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q10UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q20UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q50UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q100UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-BT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-PBT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
}
],
"datePublic": "2024-03-14T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
}
],
"value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T00:03:42.189Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-0803",
"datePublished": "2024-03-14T23:59:20.916Z",
"dateReserved": "2024-01-23T00:04:40.735Z",
"dateUpdated": "2024-08-27T19:56:00.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0802 (GCVE-0-2024-0802)
Vulnerability from cvelistv5
Published
2024-03-14 23:57
Modified
2024-08-01 18:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-468 - Incorrect Pointer Scaling
Summary
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf | vendor-advisory | |
| https://jvn.jp/vu/JVNVU99690199/ | government-resource | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14 | government-resource |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric Corporation | MELSEC-Q Series Q03UDECPU |
Version: The first 5 digits of serial No. "26061" and prior |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q03udecpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q04udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q06udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q10udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q13udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q20udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q26udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q50udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q100udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q03udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q04udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l26cpu-bt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-pbt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T00:29:47.319671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T01:00:21.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDECPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q10UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q20UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q50UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q100UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-BT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-PBT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
}
],
"datePublic": "2024-03-14T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet."
}
],
"value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure and Remote Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-468",
"description": "CWE-468 Incorrect Pointer Scaling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T00:03:03.747Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-0802",
"datePublished": "2024-03-14T23:57:07.390Z",
"dateReserved": "2024-01-23T00:04:23.168Z",
"dateUpdated": "2024-08-01T18:18:18.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1917 (GCVE-0-2024-1917)
Vulnerability from cvelistv5
Published
2024-03-15 00:02
Modified
2024-08-27 19:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf | vendor-advisory | |
| https://jvn.jp/vu/JVNVU99690199/ | government-resource | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14 | government-resource |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric Corporation | MELSEC-Q Series Q03UDECPU |
Version: The first 5 digits of serial No. "26061" and prior |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q03udecpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q04udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q06udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q10udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q13udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q20udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q26udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q50udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q100udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q03udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q04udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l26cpu-bt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-pbt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T19:57:53.325242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:58:12.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDECPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q10UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q20UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q50UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q100UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-BT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-PBT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
}
],
"datePublic": "2024-03-14T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
}
],
"value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T00:05:06.682Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-1917",
"datePublished": "2024-03-15T00:02:39.351Z",
"dateReserved": "2024-02-27T06:32:47.752Z",
"dateUpdated": "2024-08-27T19:58:12.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1916 (GCVE-0-2024-1916)
Vulnerability from cvelistv5
Published
2024-03-15 00:01
Modified
2024-08-27 19:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf | vendor-advisory | |
| https://jvn.jp/vu/JVNVU99690199/ | government-resource | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14 | government-resource |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric Corporation | MELSEC-Q Series Q03UDECPU |
Version: The first 5 digits of serial No. "26061" and prior |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q03udecpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q04udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q06udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q10udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q13udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q20udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q26udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q50udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q100udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q03udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q04udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l26cpu-bt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-pbt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T19:08:27.756460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:57:29.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDECPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q10UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q20UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q50UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q100UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-BT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-PBT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
}
],
"datePublic": "2024-03-14T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
}
],
"value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T00:04:37.000Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-1916",
"datePublished": "2024-03-15T00:01:39.440Z",
"dateReserved": "2024-02-27T06:32:44.641Z",
"dateUpdated": "2024-08-27T19:57:29.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1915 (GCVE-0-2024-1915)
Vulnerability from cvelistv5
Published
2024-03-15 00:00
Modified
2024-08-27 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-468 - Incorrect Pointer Scaling
Summary
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf | vendor-advisory | |
| https://jvn.jp/vu/JVNVU99690199/ | government-resource | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14 | government-resource |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mitsubishi Electric Corporation | MELSEC-Q Series Q03UDECPU |
Version: The first 5 digits of serial No. "26061" and prior |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q03udecpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q04udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q06udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q10udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q13udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q20udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q26udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q50udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q-q100udehcpu",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q03udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q04udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q06udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q13udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_q26udpvcpu",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu\\(-p\\)",
"vendor": "mitsubishi",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l02cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l06cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-p",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "l26cpu-bt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "melsec_l26cpu-pbt",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThan": "xxxxx26041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T15:51:36.118417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:56:54.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDECPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q10UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q20UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q50UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q100UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26061\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-BT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-PBT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"26041\" and prior"
}
]
}
],
"datePublic": "2024-03-14T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
}
],
"value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-468",
"description": "CWE-468 Incorrect Pointer Scaling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T00:04:05.170Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU99690199/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-1915",
"datePublished": "2024-03-15T00:00:46.607Z",
"dateReserved": "2024-02-27T06:32:39.218Z",
"dateUpdated": "2024-08-27T19:56:54.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0457 (GCVE-0-2023-0457)
Vulnerability from cvelistv5
Published
2023-03-03 04:18
Modified
2025-03-05 20:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-256 - Plaintext Storage of a Password
Summary
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU93891523/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T20:02:13.840915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T20:02:32.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MT/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MR/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MR/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MR/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/D",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-64MT/D",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-96MT/D",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-64MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-96MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/DS-TS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/DSS-TS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MR/DS-TS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MT/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MT/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MT/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MR/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MR/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MR/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-30MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-40MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-60MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-80MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-30MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-40MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-60MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-80MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-30MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-40MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-60MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-80MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5-ENET",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5-ENET/IP",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R00CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R01CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R04CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R04ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08SFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16SFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32SFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120SFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08PCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16PCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32PCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120PCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08PSFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16PSFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32PSFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120PSFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series RJ71EN71",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R12CCPU-V",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDECPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q10UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q20UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q50UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q100UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q03UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q04UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q06UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q13UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series Q26UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-Q Series QJ71E71-100",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L02CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L06CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-BT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series L26CPU-PBT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC-L Series LJ71E71-100",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server."
}
],
"value": "Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-21T04:21:45.500Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU93891523/index.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure Vulnerability in MELSEC Series",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2023-0457",
"datePublished": "2023-03-03T04:18:15.787Z",
"dateReserved": "2023-01-24T08:55:21.468Z",
"dateUpdated": "2025-03-05T20:02:32.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}