All the vulnerabilites related to Mitsubishi Electric - QJ71E71-100
var-201702-0075
Vulnerability from variot
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploiting a vulnerability can result in a denial of service condition. Attackers can exploit these issues to perform unauthorized actions or cause denial-of-service conditions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0075", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "qj71e71-b2", "scope": "eq", "trust": 1.0, "vendor": "mitsubishielectric", "version": null }, { "model": "qj71e71-b5", "scope": "eq", "trust": 1.0, "vendor": "mitsubishielectric", "version": null }, { "model": "qj71e71-100", "scope": "eq", "trust": 1.0, "vendor": "mitsubishielectric", "version": null }, { "model": "electric qj71e71-100", "scope": "eq", "trust": 0.9, "vendor": "mitsubishi", "version": "0" }, { "model": "electric qj71e71-b2", "scope": "eq", "trust": 0.9, "vendor": "mitsubishi", "version": "0" }, { "model": "electric qj71e71-b5", "scope": "eq", "trust": 0.9, "vendor": "mitsubishi", "version": "0" }, { "model": "qj71e71-100", "scope": "eq", "trust": 0.8, "vendor": "mitsubishi electric", "version": "of" }, { "model": "qj71e71-b2", "scope": "eq", "trust": 0.8, "vendor": "mitsubishi electric", "version": "of" }, { "model": "qj71e71-b5", "scope": "eq", "trust": 0.8, "vendor": "mitsubishi electric", "version": "of" }, { "model": "qj71e71-b2", "scope": "eq", "trust": 0.6, "vendor": "mitsubishi electric", "version": null }, { "model": "qj71e71-100", "scope": "eq", "trust": 0.6, "vendor": "mitsubishi electric", "version": null }, { "model": "qj71e71-b5", "scope": "eq", "trust": 0.6, "vendor": "mitsubishi electric", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "qj71e71 100", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "qj71e71 b5", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "qj71e71 b2", "version": null } ], "sources": [ { "db": "IVD", "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f" }, { "db": "CNVD", "id": "CNVD-2016-11832" }, { "db": "BID", "id": "94632" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8368" }, { "db": "CNNVD", "id": "CNNVD-201612-009" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:mitsubishielectric:qj71e71-100_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:mitsubishielectric:qj71e71-100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:mitsubishielectric:qj71e71-b5_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:mitsubishielectric:qj71e71-b5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:mitsubishielectric:qj71e71-b2_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:mitsubishielectric:qj71e71-b2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-8368" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vladimir Dashchenko of Critical Infrastructure Defense Team", "sources": [ { "db": "BID", "id": "94632" }, { "db": "CNNVD", "id": "CNNVD-201612-009" } ], "trust": 0.9 }, "cve": "CVE-2016-8368", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 7.8, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2016-007661", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2016-11832", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-97188", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA", "availabilityImpact": "None", "baseScore": 8.6, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2016-007661", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-8368", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2016-007661", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2016-11832", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201612-009", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-97188", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f" }, { "db": "CNVD", "id": "CNVD-2016-11832" }, { "db": "VULHUB", "id": "VHN-97188" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8368" }, { "db": "CNNVD", "id": "CNNVD-201612-009" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploiting a vulnerability can result in a denial of service condition. \nAttackers can exploit these issues to perform unauthorized actions or cause denial-of-service conditions", "sources": [ { "db": "NVD", "id": "CVE-2016-8368" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "CNVD", "id": "CNVD-2016-11832" }, { "db": "BID", "id": "94632" }, { "db": "IVD", "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f" }, { "db": "VULHUB", "id": "VHN-97188" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-8368", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-336-03", "trust": 3.4 }, { "db": "BID", "id": "94632", "trust": 2.6 }, { "db": "CNNVD", "id": "CNNVD-201612-009", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-11832", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU99901500", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-007661", "trust": 0.8 }, { "db": "IVD", "id": "218C8DDF-AE70-4D34-AB2C-7271D1A5A80F", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-97188", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f" }, { "db": "CNVD", "id": "CNVD-2016-11832" }, { "db": "VULHUB", "id": "VHN-97188" }, { "db": "BID", "id": "94632" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8368" }, { "db": "CNNVD", "id": "CNNVD-201612-009" } ] }, "id": "VAR-201702-0075", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f" }, { "db": "CNVD", "id": "CNVD-2016-11832" }, { "db": "VULHUB", "id": "VHN-97188" } ], "trust": 1.7055555333333334 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f" }, { "db": "CNVD", "id": "CNVD-2016-11832" } ] }, "last_update_date": "2023-12-18T12:04:41.269000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u4e09\u83f1\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831", "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99901500/479518/index.html" }, { "title": "Patches for multiple service violations in multiple Mitsubishi Electric MELSEC-Q series products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/84928" }, { "title": "Mitsubishi Electric MELSEC-Q Series Product Security Bypass Vulnerabilities and Remediation Measures for Denial of Service Vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65991" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11832" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "CNNVD", "id": "CNNVD-201612-009" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-662", "trust": 1.0 }, { "problemtype": "CWE-399", "trust": 0.9 }, { "problemtype": "CWE-412", "trust": 0.8 }, { "problemtype": "CWE-327", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97188" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8368" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-03" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/94632" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8370" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8368" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99901500/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8370" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8368" }, { "trust": 0.3, "url": "http://www.mrslim.com/home.asp" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11832" }, { "db": "VULHUB", "id": "VHN-97188" }, { "db": "BID", "id": "94632" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8368" }, { "db": "CNNVD", "id": "CNNVD-201612-009" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f" }, { "db": "CNVD", "id": "CNVD-2016-11832" }, { "db": "VULHUB", "id": "VHN-97188" }, { "db": "BID", "id": "94632" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8368" }, { "db": "CNNVD", "id": "CNNVD-201612-009" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-12-05T00:00:00", "db": "IVD", "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f" }, { "date": "2016-12-01T00:00:00", "db": "CNVD", "id": "CNVD-2016-11832" }, { "date": "2017-02-13T00:00:00", "db": "VULHUB", "id": "VHN-97188" }, { "date": "2016-12-01T00:00:00", "db": "BID", "id": "94632" }, { "date": "2017-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "date": "2017-02-13T21:59:01.173000", "db": "NVD", "id": "CVE-2016-8368" }, { "date": "2016-12-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201612-009" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-01-09T00:00:00", "db": "CNVD", "id": "CNVD-2016-11832" }, { "date": "2017-03-15T00:00:00", "db": "VULHUB", "id": "VHN-97188" }, { "date": "2016-12-20T00:06:00", "db": "BID", "id": "94632" }, { "date": "2017-04-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "date": "2021-09-13T11:15:09.173000", "db": "NVD", "id": "CVE-2016-8368" }, { "date": "2021-09-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201612-009" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201612-009" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mitsubishi Electric MELSEC-Q Series Ethernet Multiple vulnerabilities in interface module", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007661" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource management error", "sources": [ { "db": "IVD", "id": "218c8ddf-ae70-4d34-ab2c-7271d1a5a80f" }, { "db": "CNNVD", "id": "CNNVD-201612-009" } ], "trust": 0.8 } }
var-201905-1060
Vulnerability from variot
In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan's Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The following MELSEC-Q series PLCs are affected: QJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1060", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "qj71e71-100", "scope": "lte", "trust": 1.0, "vendor": "mitsubishielectric", "version": "20121" }, { "model": "qj71e71-100", "scope": "eq", "trust": 0.8, "vendor": "mitsubishi electric", "version": "( above the serial number 5 digits 20121 previous version )" }, { "model": "electric melsec-q series plcs j71e71-100 serial number", "scope": "lte", "trust": 0.6, "vendor": "mitsubishi", "version": "\u003c=20121" }, { "model": "electric qj71e71-100", "scope": "eq", "trust": 0.3, "vendor": "mitsubishi", "version": "20121" }, { "model": "electric qj71e71-100", "scope": "eq", "trust": 0.3, "vendor": "mitsubishi", "version": "18072" }, { "model": "electric qj71e71-100", "scope": "ne", "trust": 0.3, "vendor": "mitsubishi", "version": "20122" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16527" }, { "db": "BID", "id": "108419" }, { "db": "JVNDB", "id": "JVNDB-2019-003963" }, { "db": "NVD", "id": "CVE-2019-10977" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:mitsubishielectric:qj71e71-100_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20121", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:mitsubishielectric:qj71e71-100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-10977" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Younes Dragoni and Alessandro Di Pinto of Nozomi Networks,Younes Dragoni and Alessandro Di Pinto of Nozomi Networks reported this vulnerability to Mitsubishi and NCCIC.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-839" } ], "trust": 0.6 }, "cve": "CVE-2019-10977", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-003963", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-16527", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-142577", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-003963", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-10977", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2019-003963", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2019-16527", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201905-839", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-142577", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16527" }, { "db": "VULHUB", "id": "VHN-142577" }, { "db": "JVNDB", "id": "JVNDB-2019-003963" }, { "db": "NVD", "id": "CVE-2019-10977" }, { "db": "CNNVD", "id": "CNNVD-201905-839" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan\u0027s Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThe following MELSEC-Q series PLCs are affected:\nQJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products", "sources": [ { "db": "NVD", "id": "CVE-2019-10977" }, { "db": "JVNDB", "id": "JVNDB-2019-003963" }, { "db": "CNVD", "id": "CNVD-2019-16527" }, { "db": "BID", "id": "108419" }, { "db": "VULHUB", "id": "VHN-142577" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-10977", "trust": 3.4 }, { "db": "ICS CERT", "id": "ICSA-19-141-02", "trust": 2.8 }, { "db": "BID", "id": "108419", "trust": 2.6 }, { "db": "JVN", "id": "JVNVU93268101", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-003963", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201905-839", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-16527", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1867", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-142577", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16527" }, { "db": "VULHUB", "id": "VHN-142577" }, { "db": "BID", "id": "108419" }, { "db": "JVNDB", "id": "JVNDB-2019-003963" }, { "db": "NVD", "id": "CVE-2019-10977" }, { "db": "CNNVD", "id": "CNNVD-201905-839" } ] }, "id": "VAR-201905-1060", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-16527" }, { "db": "VULHUB", "id": "VHN-142577" } ], "trust": 1.575 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16527" } ] }, "last_update_date": "2023-12-18T12:00:06.789000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u304a\u554f\u3044\u5408\u308f\u305b | \u4e09\u83f1\u96fb\u6a5f FA", "trust": 0.8, "url": "https://www.mitsubishielectric.co.jp/fa/support/purchase/index.html" }, { "title": "Patch for MitsubishiElectricMELSEC-QSeriesPLCs Remote Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/163035" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16527" }, { "db": "JVNDB", "id": "JVNDB-2019-003963" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-755", "trust": 1.1 }, { "problemtype": "CWE-400", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142577" }, { "db": "NVD", "id": "CVE-2019-10977" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "http://www.securityfocus.com/bid/108419" }, { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-141-02" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10977" }, { "trust": 0.9, "url": "http://www.mitsubishi-automation.com/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10977" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93268101/" }, { "trust": 0.6, "url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-10977" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1867/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16527" }, { "db": "VULHUB", "id": "VHN-142577" }, { "db": "BID", "id": "108419" }, { "db": "JVNDB", "id": "JVNDB-2019-003963" }, { "db": "NVD", "id": "CVE-2019-10977" }, { "db": "CNNVD", "id": "CNNVD-201905-839" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-16527" }, { "db": "VULHUB", "id": "VHN-142577" }, { "db": "BID", "id": "108419" }, { "db": "JVNDB", "id": "JVNDB-2019-003963" }, { "db": "NVD", "id": "CVE-2019-10977" }, { "db": "CNNVD", "id": "CNNVD-201905-839" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-05T00:00:00", "db": "CNVD", "id": "CNVD-2019-16527" }, { "date": "2019-05-23T00:00:00", "db": "VULHUB", "id": "VHN-142577" }, { "date": "2019-05-21T00:00:00", "db": "BID", "id": "108419" }, { "date": "2019-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003963" }, { "date": "2019-05-23T14:29:07.610000", "db": "NVD", "id": "CVE-2019-10977" }, { "date": "2019-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-839" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-05T00:00:00", "db": "CNVD", "id": "CNVD-2019-16527" }, { "date": "2020-10-02T00:00:00", "db": "VULHUB", "id": "VHN-142577" }, { "date": "2019-05-21T00:00:00", "db": "BID", "id": "108419" }, { "date": "2019-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003963" }, { "date": "2020-10-02T13:33:12.300000", "db": "NVD", "id": "CVE-2019-10977" }, { "date": "2020-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-839" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-839" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Made by Mitsubishi Electric MELSEC-Q series Ethernet Service operation interruption in the interface unit (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003963" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-839" } ], "trust": 0.6 } }
var-201702-0077
Vulnerability from variot
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploits a vulnerability to perform an unauthorized operation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0077", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "qj71e71-b2", "scope": "eq", "trust": 1.0, "vendor": "mitsubishielectric", "version": null }, { "model": "qj71e71-b5", "scope": "eq", "trust": 1.0, "vendor": "mitsubishielectric", "version": null }, { "model": "qj71e71-100", "scope": "eq", "trust": 1.0, "vendor": "mitsubishielectric", "version": null }, { "model": "electric qj71e71-100", "scope": "eq", "trust": 0.9, "vendor": "mitsubishi", "version": "0" }, { "model": "electric qj71e71-b2", "scope": "eq", "trust": 0.9, "vendor": "mitsubishi", "version": "0" }, { "model": "electric qj71e71-b5", "scope": "eq", "trust": 0.9, "vendor": "mitsubishi", "version": "0" }, { "model": "qj71e71-100", "scope": "eq", "trust": 0.8, "vendor": "mitsubishi electric", "version": "of" }, { "model": "qj71e71-b2", "scope": "eq", "trust": 0.8, "vendor": "mitsubishi electric", "version": "of" }, { "model": "qj71e71-b5", "scope": "eq", "trust": 0.8, "vendor": "mitsubishi electric", "version": "of" }, { "model": "qj71e71-b2", "scope": "eq", "trust": 0.6, "vendor": "mitsubishi electric", "version": null }, { "model": "qj71e71-100", "scope": "eq", "trust": 0.6, "vendor": "mitsubishi electric", "version": null }, { "model": "qj71e71-b5", "scope": "eq", "trust": 0.6, "vendor": "mitsubishi electric", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "qj71e71 100", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "qj71e71 b5", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "qj71e71 b2", "version": null } ], "sources": [ { "db": "IVD", "id": "e9b21e03-b557-44eb-b380-01d11c51c00c" }, { "db": "CNVD", "id": "CNVD-2016-11833" }, { "db": "BID", "id": "94632" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8370" }, { "db": "CNNVD", "id": "CNNVD-201702-463" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:mitsubishielectric:qj71e71-100_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:mitsubishielectric:qj71e71-100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:mitsubishielectric:qj71e71-b5_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:mitsubishielectric:qj71e71-b5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:mitsubishielectric:qj71e71-b2_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:mitsubishielectric:qj71e71-b2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-8370" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vladimir Dashchenko of Critical Infrastructure Defense Team", "sources": [ { "db": "BID", "id": "94632" } ], "trust": 0.3 }, "cve": "CVE-2016-8370", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 7.8, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2016-007661", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2016-11833", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "e9b21e03-b557-44eb-b380-01d11c51c00c", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-97190", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA", "availabilityImpact": "None", "baseScore": 8.6, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2016-007661", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-8370", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2016-007661", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2016-11833", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201702-463", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e9b21e03-b557-44eb-b380-01d11c51c00c", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-97190", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e9b21e03-b557-44eb-b380-01d11c51c00c" }, { "db": "CNVD", "id": "CNVD-2016-11833" }, { "db": "VULHUB", "id": "VHN-97190" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8370" }, { "db": "CNNVD", "id": "CNNVD-201702-463" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. Using incomplete or dangerous encryption algorithms (CWE-327) - CVE-2016-8370 The password included in the communication data is encrypted with a weak encryption algorithm. Inappropriate restrictions on external operations (CWE-412) - CVE-2016-8368 Port by remote third party 5002/TCP via PLC Resulting in service disruption (DoS) There is a possibility of being attacked.A password may be obtained by a remote party or service operation may be interrupted (DoS) There is a possibility of being attacked. Mitsubishi Electric is a Japanese company. An attacker exploits a vulnerability to perform an unauthorized operation", "sources": [ { "db": "NVD", "id": "CVE-2016-8370" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "CNVD", "id": "CNVD-2016-11833" }, { "db": "BID", "id": "94632" }, { "db": "IVD", "id": "e9b21e03-b557-44eb-b380-01d11c51c00c" }, { "db": "VULHUB", "id": "VHN-97190" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-8370", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-336-03", "trust": 3.4 }, { "db": "BID", "id": "94632", "trust": 2.6 }, { "db": "CNNVD", "id": "CNNVD-201702-463", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-11833", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU99901500", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-007661", "trust": 0.8 }, { "db": "IVD", "id": "E9B21E03-B557-44EB-B380-01D11C51C00C", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-97190", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e9b21e03-b557-44eb-b380-01d11c51c00c" }, { "db": "CNVD", "id": "CNVD-2016-11833" }, { "db": "VULHUB", "id": "VHN-97190" }, { "db": "BID", "id": "94632" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8370" }, { "db": "CNNVD", "id": "CNNVD-201702-463" } ] }, "id": "VAR-201702-0077", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e9b21e03-b557-44eb-b380-01d11c51c00c" }, { "db": "CNVD", "id": "CNVD-2016-11833" }, { "db": "VULHUB", "id": "VHN-97190" } ], "trust": 1.7055555333333334 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e9b21e03-b557-44eb-b380-01d11c51c00c" }, { "db": "CNVD", "id": "CNVD-2016-11833" } ] }, "last_update_date": "2023-12-18T12:04:41.306000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u4e09\u83f1\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831", "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99901500/479518/index.html" }, { "title": "Multiple Mitsubishi Electric MELSEC-Q series products have patches for security bypass vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/84929" }, { "title": "Multiple Mitsubishi Electric Automation MELSEC-Q Repair measures for series product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67753" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11833" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "CNNVD", "id": "CNNVD-201702-463" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-327", "trust": 1.9 }, { "problemtype": "CWE-399", "trust": 0.8 }, { "problemtype": "CWE-412", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97190" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8370" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-03" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/94632" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8370" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8368" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99901500/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8370" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8368" }, { "trust": 0.3, "url": "http://www.mrslim.com/home.asp" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11833" }, { "db": "VULHUB", "id": "VHN-97190" }, { "db": "BID", "id": "94632" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8370" }, { "db": "CNNVD", "id": "CNNVD-201702-463" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e9b21e03-b557-44eb-b380-01d11c51c00c" }, { "db": "CNVD", "id": "CNVD-2016-11833" }, { "db": "VULHUB", "id": "VHN-97190" }, { "db": "BID", "id": "94632" }, { "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "db": "NVD", "id": "CVE-2016-8370" }, { "db": "CNNVD", "id": "CNNVD-201702-463" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-12-05T00:00:00", "db": "IVD", "id": "e9b21e03-b557-44eb-b380-01d11c51c00c" }, { "date": "2016-12-05T00:00:00", "db": "CNVD", "id": "CNVD-2016-11833" }, { "date": "2017-02-13T00:00:00", "db": "VULHUB", "id": "VHN-97190" }, { "date": "2016-12-01T00:00:00", "db": "BID", "id": "94632" }, { "date": "2017-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "date": "2017-02-13T21:59:01.220000", "db": "NVD", "id": "CVE-2016-8370" }, { "date": "2017-02-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201702-463" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-12-05T00:00:00", "db": "CNVD", "id": "CNVD-2016-11833" }, { "date": "2017-03-15T00:00:00", "db": "VULHUB", "id": "VHN-97190" }, { "date": "2016-12-20T00:06:00", "db": "BID", "id": "94632" }, { "date": "2017-04-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007661" }, { "date": "2021-09-13T11:13:36.640000", "db": "NVD", "id": "CVE-2016-8370" }, { "date": "2021-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201702-463" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201702-463" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mitsubishi Electric MELSEC-Q Series Ethernet Multiple vulnerabilities in interface module", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007661" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201702-463" } ], "trust": 0.6 } }
cve-2020-16226
Vulnerability from cvelistv5
â–¼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:54.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "QJ71MES96", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "QJ71WS96", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "Q06CCPU-V", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "Q24DHCCPU-V", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "Q24DHCCPU-VG", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "R12CCPU-V", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "RD55UP06-V,", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "D55UP12-V", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "RJ71GN11-T2", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "RJ71EN71", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "QJ71E71-100", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "LJ71E71-100", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "QJ71MT91", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "RD78Gn(n=4,8,16,32,64)", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "RD78GHV", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "RD78GHW", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "NZ2GACP620-60", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "NZ2GACP620-300", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "NZ2FT-MT", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "NZ2FT-EIP", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "Q03UDECPU", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "the first 5 digits of serial number 22081 and prior" } ] }, { "product": "QnUDEHCPU(n=04/06/10/13/20/26/50/100)", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "the first 5 digits of serial number 22081 and prior" } ] }, { "product": "QnUDVCPU(n=03/04/06/13/26)", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "the first 5 digits of serial number 22031 and prior" } ] }, { "product": "QnUDPVCPU(n=04/06/13/2)", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "the first 5 digits of serial number 22031 and prior" } ] }, { "product": "LnCPU(-P)(n=02/06/26)", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "the first 5 digits of serial number 22051 and prior" } ] }, { "product": "L26CPU-(P)BT", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "the first 5 digits of serial number 22051 and prior" } ] }, { "product": "RnCPU(n=00/01/02)", "vendor": "Mitsubishi Electric", "versions": [ { "lessThan": "Version 18 and prior", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "RnCPU(n=04/08/16/32/120)", "vendor": "Mitsubishi Electric", "versions": [ { "lessThan": "Version 50 and prior", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "RnENCPU(n=04/08/16/32/120)", "vendor": "Mitsubishi Electric", "versions": [ { "lessThan": "Version 50 and prior", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "RnSFCPU (n=08/16/32/120)", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "RnPCPU(n=08/16/32/120)", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "RnPSFCPU(n=08/16/32/120)", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "FX5U(C)-**M*/**", "vendor": "Mitsubishi Electric", "versions": [ { "lessThan": "Serial number 17X**** or later: Version 1.210 and prior", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "Serial number 179**** and prior: Version 1.070 and prior", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "FX5UC-32M*/**-TS", "vendor": "Mitsubishi Electric", "versions": [ { "lessThan": "Version 1.210 and prior", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "FX5UJ-**M*/**", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "Version 1.000" } ] }, { "product": "FX5-ENET", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "FX5-ENET/IP", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "FX3U-ENET-ADP", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "FX3GE-**M*/**", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "FX3U-ENET", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "FX3U-ENET-L", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "FX3U-ENET-P502", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "FX5-CCLGN-MS", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "IU1-1M20-D", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "LE7-40GU-L", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "GOT2000 Series GT21 Model", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "GS Series", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "GOT1000 Series GT14 Model", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "GT25-J71GN13-T2", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "FR-A800-E Series", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "FR-F800-E Series", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "FR-A8NCG", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "Production date August 2020 and prior" } ] }, { "product": "FR-E800-EPA Series", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "Production date July 2020 and prior" } ] }, { "product": "FR-E800-EPB Series", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "Production date July 2020 and prior" } ] }, { "product": "Conveyor Tracking Application", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "APR-nTR3FH all versions" }, { "status": "affected", "version": "APR-nTR6FH all versions" }, { "status": "affected", "version": "APR-nTR12FH all versions" }, { "status": "affected", "version": "APR-nTR20FH(n=1,2) all versions" } ] }, { "product": "MR-JE-C", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "MR-J4-TM", "vendor": "Mitsubishi Electric", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "datePublic": "2020-09-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-342", "description": "PREDICTABLE EXACT VALUE FROM PREVIOUS VALUES CWE-342", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-05T17:19:17", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01" } ], "source": { "advisory": "ICSA-20-245-01", "discovery": "UNKNOWN" }, "title": "Mitsubishi Electric Multiple Products", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2020-09-01T16:00:00.000Z", "ID": "CVE-2020-16226", "STATE": "PUBLIC", "TITLE": "Mitsubishi Electric Multiple Products" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "QJ71MES96", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "QJ71WS96", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "Q06CCPU-V", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "Q24DHCCPU-V", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "Q24DHCCPU-VG", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "R12CCPU-V", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "RD55UP06-V,", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "D55UP12-V", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "RJ71GN11-T2", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "RJ71EN71", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "QJ71E71-100", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "LJ71E71-100", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "QJ71MT91", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "RD78Gn(n=4,8,16,32,64)", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "RD78GHV", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "RD78GHW", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "NZ2GACP620-60", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "NZ2GACP620-300", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "NZ2FT-MT", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "NZ2FT-EIP", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "Q03UDECPU", "version": { "version_data": [ { "version_affected": "=", "version_value": "the first 5 digits of serial number 22081 and prior" } ] } }, { "product_name": "QnUDEHCPU(n=04/06/10/13/20/26/50/100)", "version": { "version_data": [ { "version_affected": "=", "version_value": "the first 5 digits of serial number 22081 and prior" } ] } }, { "product_name": "QnUDVCPU(n=03/04/06/13/26)", "version": { "version_data": [ { "version_affected": "=", "version_value": "the first 5 digits of serial number 22031 and prior" } ] } }, { "product_name": "QnUDPVCPU(n=04/06/13/2)", "version": { "version_data": [ { "version_affected": "=", "version_value": "the first 5 digits of serial number 22031 and prior" } ] } }, { "product_name": "LnCPU(-P)(n=02/06/26)", "version": { "version_data": [ { "version_affected": "=", "version_value": "the first 5 digits of serial number 22051 and prior" } ] } }, { "product_name": "L26CPU-(P)BT", "version": { "version_data": [ { "version_affected": "=", "version_value": "the first 5 digits of serial number 22051 and prior" } ] } }, { "product_name": "RnCPU(n=00/01/02)", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "Version 18 and prior" } ] } }, { "product_name": "RnCPU(n=04/08/16/32/120)", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "Version 50 and prior" } ] } }, { "product_name": "RnENCPU(n=04/08/16/32/120)", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "Version 50 and prior" } ] } }, { "product_name": "RnSFCPU (n=08/16/32/120)", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "RnPCPU(n=08/16/32/120)", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "RnPSFCPU(n=08/16/32/120)", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "FX5U(C)-**M*/**", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "Serial number 17X**** or later: Version 1.210 and prior" }, { "version_affected": "\u003c", "version_value": "Serial number 179**** and prior: Version 1.070 and prior" } ] } }, { "product_name": "FX5UC-32M*/**-TS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "Version 1.210 and prior" } ] } }, { "product_name": "FX5UJ-**M*/**", "version": { "version_data": [ { "version_affected": "=", "version_value": "Version 1.000" } ] } }, { "product_name": "FX5-ENET", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "FX5-ENET/IP", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "FX3U-ENET-ADP", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "FX3GE-**M*/**", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "FX3U-ENET", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "FX3U-ENET-L", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "FX3U-ENET-P502", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "FX5-CCLGN-MS", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "IU1-1M20-D", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "LE7-40GU-L", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "GOT2000 Series GT21 Model", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "GS Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "GOT1000 Series GT14 Model", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "GT25-J71GN13-T2", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "FR-A800-E Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "FR-F800-E Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "FR-A8NCG", "version": { "version_data": [ { "version_affected": "=", "version_value": "Production date August 2020 and prior" } ] } }, { "product_name": "FR-E800-EPA Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "Production date July 2020 and prior" } ] } }, { "product_name": "FR-E800-EPB Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "Production date July 2020 and prior" } ] } }, { "product_name": "Conveyor Tracking Application", "version": { "version_data": [ { "version_affected": "=", "version_name": "APR-nTR3FH", "version_value": "all versions" }, { "version_affected": "=", "version_name": "APR-nTR6FH", "version_value": "all versions" }, { "version_affected": "=", "version_name": "APR-nTR12FH", "version_value": "all versions" }, { "version_affected": "=", "version_name": "APR-nTR20FH(n=1,2)", "version_value": "all versions" } ] } }, { "product_name": "MR-JE-C", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } }, { "product_name": "MR-J4-TM", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } } ] }, "vendor_name": "Mitsubishi Electric" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "PREDICTABLE EXACT VALUE FROM PREVIOUS VALUES CWE-342" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01" } ] }, "source": { "advisory": "ICSA-20-245-01", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-16226", "datePublished": "2020-10-05T17:19:17.358565Z", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2024-09-17T00:25:38.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }