var-202010-0395
Vulnerability from variot
Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. of multiple Mitsubishi Electric products TCP A vulnerability in session management exists in the protocol stack. This vulnerability information is provided by the developer for the purpose of dissemination to product users. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of ACK packets. When generating ACK packets, the application uses a predictable sequence number. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Mitsubishi Electric gt14 model是日本三菱电机(Mitsubishi Electric)公司的一个用于工业生产过程中提供人机交互界面的设备. Mitsubishi Electric 多个产品存在命令执行漏洞,该漏洞允许攻击者冒充合法设备,从而使攻击者能够远程执行任意命令。以下产品和版本受到影响:QJ71MES96 all versions,QJ71WS96 all versions,Q06CCPU-V all versions,Q24DHCCPU-V all versions,Q24DHCCPU-VG all versions,R12CCPU-V Version 13 and prior,RD55UP06-V Version 09 and prior,RD55UP12-V Version 01,RJ71GN11-T2 Version 11 and prior,RJ71EN71 all versions,QJ71E71-100 all versions,LJ71E71-100 all versions,QJ71MT91 all versions,RD78Gn(n=4,8,16,32,64) all versions,RD78GHV all versions,RD78GHW all versions,NZ2GACP620-60 all versions,NZ2GACP620-300 all versions,NZ2FT-MT all versions,NZ2FT-EIP all versions,Q03UDECPU the first 5 digits of serial number 22081 and prior,QnUDEHCPU(n=04/06/10/13/20/26/50/100) the first 5 digits of serial number 22081 and prior,QnUDVCPU(n=03/04/06/13/26) the first 5 digits of serial number 22031 and prior,QnUDPVCPU(n=04/06/13/26) the first 5 digits of serial number 22031 and prior,LnCPU(-P)(n=02/06/26) the first 5 digits of serial number 22051 and prior,L26CPU-(P)BT the first 5 digits of serial number 22051 and prior,RnCPU(n=00/01/02) Version 18 and prior,RnCPU(n=04/08/16/32/120) Version 50 and prior,RnENCPU(n=04/08/16/32/120) Version 50 and prior,RnSFCPU (n=08/16/32/120) Version 22 and prior,RnPCPU(n=08/16/32/120) Version 24 and prior,RnPSFCPU(n=08/16/32/120) Version 05 and prior,FX5U(C)-M*/,FX5UC-32M/-TS Version 1.210 and prior,FX5UJ-M/ Version 1.000,FX5-ENET Version 1.002 and prior,FX5-ENET/IP Version 1.002 and prior,FX3U-ENET-ADP Version 1.22 and prior,FX3GE-M/* the first 3 digits of serial number 20X and prior,FX3U-ENET Version 1.14 and prior,FX3U-ENET-L Version 1.14 and prior,FX3U-ENET-P502 Version 1.14 and prior,FX5-CCLGN-MS Version 1.000,IU1-1M20-D all versions,LE7-40GU-L all versions,GOT2000 Series GT21 Model all versions,GS Series all versions,GOT1000 Series GT14 Model all versions,GT25-J71GN13-T2 all versions,FR-A800-E Series production date December 2020 and prior,FR-F800-E Series production date December 2020 and prior,FR-A8NCG Production date August 2020 and prior,FR-E800-EPA Series Production date July 2020 and prior,FR-E800-EPB Series Production date July 2020 and prior,Conveyor Tracking Application APR-nTR3FH APR-nTR6FH APR-nTR12FH APR-nTR20FH(n=1,2) all versions (Discontinued product),MR-JE-C all versions,MR-J4-TM all versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0395",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fr-f842-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rnpsfcpu\\",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "qj71ws96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-14mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-f860-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "q24dhccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-24mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fx3u-enet",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "q24dhccpu-vg",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rnpcpu\\",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "got2000 series gt21",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-60mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5-enet-adp",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a860-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rd55up06-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-40mr\\/ds",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-40mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uc-32mr\\/ds-ts",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.210"
},
{
"model": "got1000 series gt14",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "conveyor tracking application apr-ntr12fh",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "rd78ghv",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-f820-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-f840-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "qnudehcpu\\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22081"
},
{
"model": "qnudpvcpu\\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22031"
},
{
"model": "fx5uj-24mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "nz2gacp620-60",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rnsfcpu \\",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rj71en71",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5-enet",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a862-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "mr-j4-tm",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "r12ccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "mr-je-c",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-40mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-40mt\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fx3g-32 mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "qnudvcpu\\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22031"
},
{
"model": "lj71e71-100",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-40mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fx5uc-32mt\\/d",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.210"
},
{
"model": "fx5uj-60mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fx3g-14mr\\/ds",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-14mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5-cclgn-ms",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a8ncge",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "2020-08"
},
{
"model": "qj71mt91",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a820-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-60mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fr-e800-epa",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "2020-07"
},
{
"model": "got simple series gs21",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-e800-epb",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "2020-07"
},
{
"model": "fx3g-14mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rj71gn11-t2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-40mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "le7-40gu-l",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-40mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "iu1-1m20-d",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "nz2gacp620-300",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "l26cpu-\\ bt",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22051"
},
{
"model": "nz2ft-mt",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "q06ccpu-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-f862-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "conveyor tracking application apr-ntr6fh",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3g-24mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rd78gn\\",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-24mr\\/ds",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "lncpu\\ \\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22051"
},
{
"model": "fx3g-60mr\\/ds",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "conveyor tracking application apr-ntr3fh",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-24mr\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "conveyor tracking application apr-ntr20fh\\",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": null
},
{
"model": "fx3u-enet-l",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a842-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fr-a840-e",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-60mt\\/ess",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rd78ghw",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uc-32mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.210"
},
{
"model": "rncpu\\ t",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "18"
},
{
"model": "fx3u-enet-p502",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "gt25-j71gn13-t2",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uc-32mt\\/ds-ts",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.210"
},
{
"model": "q03udecpu",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "22081"
},
{
"model": "fx5uj-60mt\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "fx5uc-32mt\\/dss-ts",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.210"
},
{
"model": "fx5-enet\\/ip",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx3g-60mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rncpu\\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "50"
},
{
"model": "fx3g-24mt\\/dss",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "rnencpu\\",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "50"
},
{
"model": "qj71mes96",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "fx5uj-24mt\\/es",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "1.000"
},
{
"model": "rd55up12-v",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "nz2ft-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "*"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "(multiple products)"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * ac the servo melservo"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * lossnay central ventilation system"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * display got"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * air conditioning control system / centralized controller"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * air conditioning control system / expansion controller"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * energy measurement unit"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "affected products s vary widely. for more information, please check the information provided by the developer."
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * range hood fan"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * data collection analyzer melqic"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * hems compatible adapter, lan adapter"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * air conditioning control system / bm adapter"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * room air conditioner"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * bath drying/heating/ventilation system"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * solar power system color monitor eco guide"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * ventilation fan for duct"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * tension controller"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * inverter freqrol"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * mitsubishi energy saving dem monitoring server e-energy"
},
{
"model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
"scope": "eq",
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": "it was * robot melfa"
},
{
"model": "melsec iq-f",
"scope": null,
"trust": 0.7,
"vendor": "mitsubishi electric",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ta-Lun Yen of TXOne IoT/ICS Security Research Labs (Trend Micro)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
}
],
"trust": 0.7
},
"cve": "CVE-2020-16226",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-16226",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-16226",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-16226",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-16226",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-16226",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-16226",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-16226",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-074",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-16226",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. of multiple Mitsubishi Electric products TCP A vulnerability in session management exists in the protocol stack. This vulnerability information is provided by the developer for the purpose of dissemination to product users. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of ACK packets. When generating ACK packets, the application uses a predictable sequence number. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Mitsubishi Electric gt14 model\u662f\u65e5\u672c\u4e09\u83f1\u7535\u673a\uff08Mitsubishi Electric\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u5de5\u4e1a\u751f\u4ea7\u8fc7\u7a0b\u4e2d\u63d0\u4f9b\u4eba\u673a\u4ea4\u4e92\u754c\u9762\u7684\u8bbe\u5907. \nMitsubishi Electric \u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u5192\u5145\u5408\u6cd5\u8bbe\u5907\uff0c\u4ece\u800c\u4f7f\u653b\u51fb\u8005\u80fd\u591f\u8fdc\u7a0b\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u4ee5\u4e0b\u4ea7\u54c1\u548c\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aQJ71MES96 all versions\uff0cQJ71WS96 all versions\uff0cQ06CCPU-V all versions\uff0cQ24DHCCPU-V all versions\uff0cQ24DHCCPU-VG all versions\uff0cR12CCPU-V Version 13 and prior\uff0cRD55UP06-V Version 09 and prior\uff0cRD55UP12-V Version 01\uff0cRJ71GN11-T2 Version 11 and prior\uff0cRJ71EN71 all versions\uff0cQJ71E71-100 all versions\uff0cLJ71E71-100 all versions\uff0cQJ71MT91 all versions\uff0cRD78Gn(n=4,8,16,32,64) all versions\uff0cRD78GHV all versions\uff0cRD78GHW all versions\uff0cNZ2GACP620-60 all versions\uff0cNZ2GACP620-300 all versions\uff0cNZ2FT-MT all versions\uff0cNZ2FT-EIP all versions\uff0cQ03UDECPU the first 5 digits of serial number 22081 and prior\uff0cQnUDEHCPU(n=04/06/10/13/20/26/50/100) the first 5 digits of serial number 22081 and prior\uff0cQnUDVCPU(n=03/04/06/13/26) the first 5 digits of serial number 22031 and prior\uff0cQnUDPVCPU(n=04/06/13/26) the first 5 digits of serial number 22031 and prior\uff0cLnCPU(-P)(n=02/06/26) the first 5 digits of serial number 22051 and prior\uff0cL26CPU-(P)BT the first 5 digits of serial number 22051 and prior\uff0cRnCPU(n=00/01/02) Version 18 and prior\uff0cRnCPU(n=04/08/16/32/120) Version 50 and prior\uff0cRnENCPU(n=04/08/16/32/120) Version 50 and prior\uff0cRnSFCPU (n=08/16/32/120) Version 22 and prior\uff0cRnPCPU(n=08/16/32/120) Version 24 and prior\uff0cRnPSFCPU(n=08/16/32/120) Version 05 and prior\uff0cFX5U(C)-**M*/**\uff0cFX5UC-32M*/**-TS Version 1.210 and prior\uff0cFX5UJ-**M*/** Version 1.000\uff0cFX5-ENET Version 1.002 and prior\uff0cFX5-ENET/IP Version 1.002 and prior\uff0cFX3U-ENET-ADP Version 1.22 and prior\uff0cFX3GE-**M*/** the first 3 digits of serial number 20X and prior\uff0cFX3U-ENET Version 1.14 and prior\uff0cFX3U-ENET-L Version 1.14 and prior\uff0cFX3U-ENET-P502 Version 1.14 and prior\uff0cFX5-CCLGN-MS Version 1.000\uff0cIU1-1M20-D all versions\uff0cLE7-40GU-L all versions\uff0cGOT2000 Series GT21 Model all versions\uff0cGS Series all versions\uff0cGOT1000 Series GT14 Model all versions\uff0cGT25-J71GN13-T2 all versions\uff0cFR-A800-E Series production date December 2020 and prior\uff0cFR-F800-E Series production date December 2020 and prior\uff0cFR-A8NCG Production date August 2020 and prior\uff0cFR-E800-EPA Series Production date July 2020 and prior\uff0cFR-E800-EPB Series Production date July 2020 and prior\uff0cConveyor Tracking Application APR-nTR3FH APR-nTR6FH APR-nTR12FH APR-nTR20FH(n=1,2) all versions (Discontinued product)\uff0cMR-JE-C all versions\uff0cMR-J4-TM all versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16226"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"db": "VULMON",
"id": "CVE-2020-16226"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16226",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-245-01",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU93926439",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10966",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-20-1207",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3041",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4767",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-16226",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"id": "VAR-202010-0395",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2024-11-23T21:51:16.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "of our products TCP Spoofing Vulnerability in Protocol Stack",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-009.pdf"
},
{
"title": "Mitsubishi Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01"
},
{
"title": "mitsubishielectric Fixes for remote command execution vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=127702"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-342",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93926439/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3041/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16226"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4767"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/342.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-245-01"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-08T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"date": "2020-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"date": "2020-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"date": "2020-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"date": "2020-10-05T18:15:13.133000",
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-17T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1207"
},
{
"date": "2020-10-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16226"
},
{
"date": "2022-09-26T08:55:00",
"db": "JVNDB",
"id": "JVNDB-2020-008251"
},
{
"date": "2022-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-074"
},
{
"date": "2024-11-21T05:06:58.517000",
"db": "NVD",
"id": "CVE-2020-16226"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "of multiple Mitsubishi Electric products \u00a0TCP\u00a0 Session management flaw in protocol stack",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008251"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command execution",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-074"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…