CVE-2019-6535 (GCVE-0-2019-6535)

Vulnerability from cvelistv5 – Published: 2019-02-05 19:00 – Updated: 2025-06-26 17:08
VLAI?
Summary
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Mitsubishi Electric Q03/04/06/13/26UDVCPU Affected: 0 , ≤ serial number 20081 (custom)
Create a notification for this product.
Credits
Tri Quach of Amazon's Customer Fulfillment Technology Security (CFTS) group reported this vulnerability to the National Cybersecurity and Communications Integration Center (NCCIC).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106771",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106771"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Q03/04/06/13/26UDVCPU",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "serial number 20081",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Q04/06/13/26UDPVCPU",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "serial number 20081",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "lessThanOrEqual": "serial number 20101",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tri Quach of Amazon\u0027s Customer Fulfillment Technology Security (CFTS) group reported this vulnerability to the National Cybersecurity and Communications Integration Center (NCCIC)."
        }
      ],
      "datePublic": "2019-01-29T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\nMitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication.\n\n\u003c/p\u003e"
            }
          ],
          "value": "Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-26T17:08:15.995Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "106771",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106771"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMitsubishi Electric has produced a new version of the firmware. Additional information about this vulnerability or Mitsubishi Electric\u0027s compensating control is available by contacting a local Mitsubishi Electric representative, which can be found at the following location: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://us.mitsubishielectric.com/fa/en/about-us/distributors\"\u003ehttps://us.mitsubishielectric.com/fa/en/about-us/distributors\u003c/a\u003e\u003c/p\u003e\u003cp\u003eMitsubishi Electric strongly recommends users should operate the affected device behind a firewall.\u003c/p\u003e"
            }
          ],
          "value": "Mitsubishi Electric has produced a new version of the firmware. Additional information about this vulnerability or Mitsubishi Electric\u0027s compensating control is available by contacting a local Mitsubishi Electric representative, which can be found at the following location:  https://us.mitsubishielectric.com/fa/en/about-us/distributors \n\nMitsubishi Electric strongly recommends users should operate the affected device behind a firewall."
        }
      ],
      "source": {
        "advisory": "ICSA-19-029-02",
        "discovery": "EXTERNAL"
      },
      "title": "Mitsubishi Electric MELSEC-Q Series PLCs Resource Exhaustion",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2019-01-29T00:00:00",
          "ID": "CVE-2019-6535",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106771",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106771"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6535",
    "datePublished": "2019-02-05T19:00:00Z",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2025-06-26T17:08:15.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q03udvcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20081\", \"matchCriteriaId\": \"A3F6589C-3572-42CC-B880-5B2C3549474C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q03udvcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0084E961-8F69-4EFE-A40E-1CF9A06453E0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q04udvcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20081\", \"matchCriteriaId\": \"87073025-987A-4BEF-964E-883C8E7756DA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q04udvcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96E8978F-B03D-4B1F-ABBA-D817E614286C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q06udvcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20081\", \"matchCriteriaId\": \"EE0FDFA3-0ED9-4021-8D72-C4F69B6B3459\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q06udvcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC119CA6-BFF3-4CFE-95E5-A10EEE52347F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q13udvcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20081\", \"matchCriteriaId\": \"28EC5DB9-D294-4B47-80A8-DD22150A95B4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q13udvcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97BCF977-E6AE-443E-8348-F7E13830BC23\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q26udvcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20081\", \"matchCriteriaId\": \"689E8111-2B67-4032-8B63-668FF0EDEDFD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q26udvcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B48AD3F4-81A2-43D2-A8B6-F7630CF4E742\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q04udpvcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20081\", \"matchCriteriaId\": \"AE674A26-ADB7-46F1-8732-E349B36FB19D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q04udpvcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6EF53BB-1A67-4677-871A-CB73A7C58D42\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q06udpvcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20081\", \"matchCriteriaId\": \"15597B31-88EF-46AC-8FED-C3F0FD2D7BB7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q06udpvcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"052E37E0-9D05-4EB6-ADB3-B4465A19DC0B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q13udpvcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20081\", \"matchCriteriaId\": \"9BC22445-3EF3-4C25-8D0D-9168D24BA6E3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q13udpvcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"661C0146-FCCC-45BE-9EF6-113BD227E546\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q26udpvcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20081\", \"matchCriteriaId\": \"C6DEC53B-5BCF-463B-A9B2-33E8BDE6E62C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q26udpvcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D392BED4-C8A7-4A66-8A59-E2B569696E79\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q03udecpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20101\", \"matchCriteriaId\": \"0F243D37-4DEB-4417-B293-A744752A21CB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q03udecpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"946DA26E-A6B2-46F6-BA81-A92133124823\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q04udehcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20101\", \"matchCriteriaId\": \"B073F2B0-FBED-4D2D-B162-E3AF4BAFE2AD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q04udehcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82399072-1B4D-46A4-A37C-FC706915B162\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q06udehcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20101\", \"matchCriteriaId\": \"405F5551-5878-4EC2-98F2-2C8738367CBB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q06udehcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"210FBF45-F646-4179-8139-E9022EA2E9AE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q10udehcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20101\", \"matchCriteriaId\": \"30FA774C-8EA6-4276-AE24-DC77C9759D3B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q10udehcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E92D0D5D-E6A0-4E5D-83D9-6653E816FEF5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q13udehcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20101\", \"matchCriteriaId\": \"DDA2969A-877C-44DF-8493-38F573D5F866\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q13udehcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD3ACF11-7E9F-45A0-B4C2-B804B3609791\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q20udehcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20101\", \"matchCriteriaId\": \"D93EF2BD-FDFB-4475-9E4F-73235AE5FF24\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q20udehcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1696B87B-AF68-4341-9E13-E2B25FEA623A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q26udehcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20101\", \"matchCriteriaId\": \"432285C7-DD4C-4C7F-AF98-3ED9D3F68185\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q26udehcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"795ED888-B01E-4EBA-8FB5-42D196169761\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q50udehcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20101\", \"matchCriteriaId\": \"7844E75B-B110-4BD6-A01B-8A71317604D0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q50udehcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"401FB06F-F2F8-4C1E-B36B-4E3E4007F772\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:q100udehcpu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20101\", \"matchCriteriaId\": \"943C4F6E-AE15-4CB1-A4DE-E94E5FCFFB71\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:q100udehcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E58A172-EEAF-4211-9F3A-66CF57456AFB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash.\"}, {\"lang\": \"es\", \"value\": \"Mitsubishi Electric Q03/04/06/13/26UDVCPU: n\\u00famero de serie 20081 y anteriores, Q04/06/13/26UDPVCPU: n\\u00famero de serie 20081 y anteriores y Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: n\\u00famero de serie 20101 y anteriores. Un atacante remoto puede mandar bites espec\\u00edficos a trav\\u00e9s del puerto 5007 que resultar\\u00e1 en un cierre inesperado de la pila de ethernet.\"}]",
      "id": "CVE-2019-6535",
      "lastModified": "2024-11-21T04:46:38.847",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-02-05T19:29:00.243",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/106771\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/106771\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6535\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2019-02-05T19:29:00.243\",\"lastModified\":\"2025-06-26T18:15:21.017\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication.\"},{\"lang\":\"es\",\"value\":\"Mitsubishi Electric Q03/04/06/13/26UDVCPU: n\u00famero de serie 20081 y anteriores, Q04/06/13/26UDPVCPU: n\u00famero de serie 20081 y anteriores y Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: n\u00famero de serie 20101 y anteriores. Un atacante remoto puede mandar bites espec\u00edficos a trav\u00e9s del puerto 5007 que resultar\u00e1 en un cierre inesperado de la pila de ethernet.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q03udvcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20081\",\"matchCriteriaId\":\"A3F6589C-3572-42CC-B880-5B2C3549474C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q03udvcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0084E961-8F69-4EFE-A40E-1CF9A06453E0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q04udvcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20081\",\"matchCriteriaId\":\"87073025-987A-4BEF-964E-883C8E7756DA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q04udvcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96E8978F-B03D-4B1F-ABBA-D817E614286C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q06udvcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20081\",\"matchCriteriaId\":\"EE0FDFA3-0ED9-4021-8D72-C4F69B6B3459\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q06udvcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC119CA6-BFF3-4CFE-95E5-A10EEE52347F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q13udvcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20081\",\"matchCriteriaId\":\"28EC5DB9-D294-4B47-80A8-DD22150A95B4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q13udvcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97BCF977-E6AE-443E-8348-F7E13830BC23\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q26udvcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20081\",\"matchCriteriaId\":\"689E8111-2B67-4032-8B63-668FF0EDEDFD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q26udvcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B48AD3F4-81A2-43D2-A8B6-F7630CF4E742\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q04udpvcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20081\",\"matchCriteriaId\":\"AE674A26-ADB7-46F1-8732-E349B36FB19D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q04udpvcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6EF53BB-1A67-4677-871A-CB73A7C58D42\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q06udpvcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20081\",\"matchCriteriaId\":\"15597B31-88EF-46AC-8FED-C3F0FD2D7BB7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q06udpvcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"052E37E0-9D05-4EB6-ADB3-B4465A19DC0B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q13udpvcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20081\",\"matchCriteriaId\":\"9BC22445-3EF3-4C25-8D0D-9168D24BA6E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q13udpvcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"661C0146-FCCC-45BE-9EF6-113BD227E546\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q26udpvcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20081\",\"matchCriteriaId\":\"C6DEC53B-5BCF-463B-A9B2-33E8BDE6E62C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q26udpvcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D392BED4-C8A7-4A66-8A59-E2B569696E79\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q03udecpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20101\",\"matchCriteriaId\":\"0F243D37-4DEB-4417-B293-A744752A21CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q03udecpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"946DA26E-A6B2-46F6-BA81-A92133124823\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q04udehcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20101\",\"matchCriteriaId\":\"B073F2B0-FBED-4D2D-B162-E3AF4BAFE2AD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q04udehcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82399072-1B4D-46A4-A37C-FC706915B162\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q06udehcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20101\",\"matchCriteriaId\":\"405F5551-5878-4EC2-98F2-2C8738367CBB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q06udehcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"210FBF45-F646-4179-8139-E9022EA2E9AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q10udehcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20101\",\"matchCriteriaId\":\"30FA774C-8EA6-4276-AE24-DC77C9759D3B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q10udehcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E92D0D5D-E6A0-4E5D-83D9-6653E816FEF5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q13udehcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20101\",\"matchCriteriaId\":\"DDA2969A-877C-44DF-8493-38F573D5F866\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q13udehcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD3ACF11-7E9F-45A0-B4C2-B804B3609791\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q20udehcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20101\",\"matchCriteriaId\":\"D93EF2BD-FDFB-4475-9E4F-73235AE5FF24\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q20udehcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1696B87B-AF68-4341-9E13-E2B25FEA623A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q26udehcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20101\",\"matchCriteriaId\":\"432285C7-DD4C-4C7F-AF98-3ED9D3F68185\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q26udehcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"795ED888-B01E-4EBA-8FB5-42D196169761\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q50udehcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20101\",\"matchCriteriaId\":\"7844E75B-B110-4BD6-A01B-8A71317604D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q50udehcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"401FB06F-F2F8-4C1E-B36B-4E3E4007F772\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:q100udehcpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20101\",\"matchCriteriaId\":\"943C4F6E-AE15-4CB1-A4DE-E94E5FCFFB71\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:q100udehcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E58A172-EEAF-4211-9F3A-66CF57456AFB\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106771\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"http://www.securityfocus.com/bid/106771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.