Vulnerability-Lookup

CVE-2024-0803 (GCVE-0-2024-0803)

Vulnerability from cvelistv5 – Published: 2024-03-14 23:59 – Updated: 2024-08-27 19:56

Summary

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

Mitsubishi

References

3 references

URL	Tags
https://www.mitsubishielectric.com/en/psirt/vulne…	vendor-advisory
https://jvn.jp/vu/JVNVU99690199/	government-resource
https://www.cisa.gov/news-events/ics-advisories/i…	government-resource

Impacted products

26 products

Vendor	Product	Version
Mitsubishi Electric Corporation	MELSEC-Q Series Q03UDECPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q04UDEHCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q06UDEHCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q10UDEHCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q13UDEHCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q20UDEHCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q26UDEHCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q50UDEHCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q100UDEHCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q03UDVCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q04UDVCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q06UDVCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q13UDVCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q26UDVCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q04UDPVCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q06UDPVCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q13UDPVCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-Q Series Q26UDPVCPU	Affected: The first 5 digits of serial No. "26061" and prior
Mitsubishi Electric Corporation	MELSEC-L Series L02CPU	Affected: The first 5 digits of serial No. "26041" and prior
Mitsubishi Electric Corporation	MELSEC-L Series L06CPU	Affected: The first 5 digits of serial No. "26041" and prior
Mitsubishi Electric Corporation	MELSEC-L Series L26CPU	Affected: The first 5 digits of serial No. "26041" and prior
Mitsubishi Electric Corporation	MELSEC-L Series L02CPU-P	Affected: The first 5 digits of serial No. "26041" and prior
Mitsubishi Electric Corporation	MELSEC-L Series L06CPU-P	Affected: The first 5 digits of serial No. "26041" and prior
Mitsubishi Electric Corporation	MELSEC-L Series L26CPU-P	Affected: The first 5 digits of serial No. "26041" and prior
Mitsubishi Electric Corporation	MELSEC-L Series L26CPU-BT	Affected: The first 5 digits of serial No. "26041" and prior
Mitsubishi Electric Corporation	MELSEC-L Series L26CPU-PBT	Affected: The first 5 digits of serial No. "26041" and prior

Date Public

2024-03-14 03:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:18:18.751Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU99690199/"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q03udecpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q04udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q06udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q10udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q13udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q20udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q26udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q50udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q-q100udehcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q03udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q04udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q06udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q13udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q26udvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q06udpvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q13udpvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_q26udpvcpu",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26061",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "l02cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l06cpu\\(-p\\)",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l26cpu\\(-p\\)",
            "vendor": "mitsubishi",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l02cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l06cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l26cpu-p",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "l26cpu-bt",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_l26cpu-pbt",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThan": "xxxxx26041",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0803",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-15T16:35:33.077868Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T19:56:00.797Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q03UDECPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q10UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q20UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q50UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q100UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q03UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26061\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L02CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L06CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L02CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L06CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-BT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-PBT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "The first 5 digits of serial No. \"26041\" and prior"
            }
          ]
        }
      ],
      "datePublic": "2024-03-14T03:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
            }
          ],
          "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Remote Code Execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-14T00:03:42.189Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU99690199/"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2024-0803",
    "datePublished": "2024-03-14T23:59:20.916Z",
    "dateReserved": "2024-01-23T00:04:40.735Z",
    "dateUpdated": "2024-08-27T19:56:00.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-0803",
      "date": "2026-05-27",
      "epss": "0.00425",
      "percentile": "0.624"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de desbordamiento de enteros o envoltura en los m\\u00f3dulos de CPU de las series MELSEC-Q y MELSEC-L de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado ejecute c\\u00f3digo malicioso en un producto objetivo enviando un paquete especialmente manipulado.\"}]",
      "id": "CVE-2024-0803",
      "lastModified": "2024-11-21T08:47:24.483",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-03-15T01:15:57.997",
      "references": "[{\"url\": \"https://jvn.jp/vu/JVNVU99690199/\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"}, {\"url\": \"https://jvn.jp/vu/JVNVU99690199/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-0803\",\"sourceIdentifier\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"published\":\"2024-03-15T01:15:57.997\",\"lastModified\":\"2024-11-21T08:47:24.483\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de desbordamiento de enteros o envoltura en los m\u00f3dulos de CPU de las series MELSEC-Q y MELSEC-L de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado ejecute c\u00f3digo malicioso en un producto objetivo enviando un paquete especialmente manipulado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU99690199/\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"},{\"url\":\"https://jvn.jp/vu/JVNVU99690199/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU99690199/\", \"tags\": [\"government-resource\", \"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14\", \"tags\": [\"government-resource\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:18:18.751Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0803\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-15T16:35:33.077868Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_q-q03udecpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_q-q04udehcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_q-q06udehcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_q-q10udehcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_q-q13udehcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_q-q20udehcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_q-q26udehcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_q-q50udehcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_q-q100udehcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishi\", \"product\": \"melsec_q03udvcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishi\", \"product\": \"melsec_q04udvcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishi\", \"product\": \"melsec_q06udvcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishi\", \"product\": \"melsec_q13udvcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishi\", \"product\": \"melsec_q26udvcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishi\", \"product\": \"melsec_q06udpvcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishi\", \"product\": \"melsec_q13udpvcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishi\", \"product\": \"melsec_q26udpvcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26061\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"l02cpu-p\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26041\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishi:melsec_l06cpu\\\\(-p\\\\):-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishi\", \"product\": \"melsec_l06cpu\\\\(-p\\\\)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26041\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishi:melsec_l26cpu\\\\(-p\\\\):-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishi\", \"product\": \"melsec_l26cpu\\\\(-p\\\\)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26041\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_l02cpu-p\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26041\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_l06cpu-p\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26041\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_l26cpu-p\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26041\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"l26cpu-bt\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26041\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_l26cpu-pbt\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"xxxxx26041\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-27T19:55:47.034Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Remote Code Execution\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q03UDECPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q04UDEHCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q06UDEHCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q10UDEHCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q13UDEHCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q20UDEHCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q26UDEHCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q50UDEHCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q100UDEHCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q03UDVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q04UDVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q06UDVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q13UDVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q26UDVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q04UDPVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q06UDPVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q13UDPVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-Q Series Q26UDPVCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26061\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-L Series L02CPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26041\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-L Series L06CPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26041\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-L Series L26CPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26041\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-L Series L02CPU-P\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26041\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-L Series L06CPU-P\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26041\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-L Series L26CPU-P\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26041\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-L Series L26CPU-BT\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26041\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC-L Series L26CPU-PBT\", \"versions\": [{\"status\": \"affected\", \"version\": \"The first 5 digits of serial No. \\\"26041\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-03-14T03:00:00.000Z\", \"references\": [{\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU99690199/\", \"tags\": [\"government-resource\"]}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14\", \"tags\": [\"government-resource\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190 Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"shortName\": \"Mitsubishi\", \"dateUpdated\": \"2024-06-14T00:03:42.189Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-0803\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-27T19:56:00.797Z\", \"dateReserved\": \"2024-01-23T00:04:40.735Z\", \"assignerOrgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"datePublished\": \"2024-03-14T23:59:20.916Z\", \"assignerShortName\": \"Mitsubishi\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-0803

Vulnerability from fkie_nvd - Published: 2024-03-15 01:15 - Updated: 2026-04-15 00:35

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://jvn.jp/vu/JVNVU99690199/
	Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14
	Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf
	af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU99690199/
	af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14
	af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de desbordamiento de enteros o envoltura en los m\u00f3dulos de CPU de las series MELSEC-Q y MELSEC-L de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado ejecute c\u00f3digo malicioso en un producto objetivo enviando un paquete especialmente manipulado."
    }
  ],
  "id": "CVE-2024-0803",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-03-15T01:15:57.997",
  "references": [
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "url": "https://jvn.jp/vu/JVNVU99690199/"
    },
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
    },
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://jvn.jp/vu/JVNVU99690199/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
    }
  ],
  "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "type": "Secondary"
    }
  ]
}

GHSA-PF86-QC75-C29X

Vulnerability from github – Published: 2024-03-15 03:30 – Updated: 2024-03-15 03:30

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-0803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-15T01:15:57Z",
    "severity": "CRITICAL"
  },
  "details": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.",
  "id": "GHSA-pf86-qc75-c29x",
  "modified": "2024-03-15T03:30:52Z",
  "published": "2024-03-15T03:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0803"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU99690199"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-0803

Vulnerability from gsd - Updated: 2024-01-23 06:02

Details

Aliases

CVE-2024-0803

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-0803"
      ],
      "details": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.",
      "id": "GSD-2024-0803",
      "modified": "2024-01-23T06:02:20.309856Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
        "ID": "CVE-2024-0803",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MELSEC-Q Series Q03UDECPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q04UDEHCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q06UDEHCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q10UDEHCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q13UDEHCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q20UDEHCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q26UDEHCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q50UDEHCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q100UDEHCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q03UDVCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q04UDVCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q06UDVCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q13UDVCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q26UDVCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q04UDPVCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q06UDPVCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q13UDPVCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-Q Series Q26UDPVCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-L Series L02CPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-L Series L06CPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-L Series L26CPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-L Series L02CPU-P",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-L Series L06CPU-P",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-L Series L26CPU-P",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-L Series L26CPU-BT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC-L Series L26CPU-PBT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mitsubishi Electric Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-190",
                "lang": "eng",
                "value": "CWE-190 Integer Overflow or Wraparound"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
          },
          {
            "name": "https://jvn.jp/vu/JVNVU99690199/",
            "refsource": "MISC",
            "url": "https://jvn.jp/vu/JVNVU99690199/"
          },
          {
            "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14",
            "refsource": "MISC",
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."
          },
          {
            "lang": "es",
            "value": "Vulnerabilidad de desbordamiento de enteros o envoltura en los m\u00f3dulos de CPU de las series MELSEC-Q y MELSEC-L de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado ejecute c\u00f3digo malicioso en un producto objetivo enviando un paquete especialmente manipulado."
          }
        ],
        "id": "CVE-2024-0803",
        "lastModified": "2024-03-15T12:53:06.423",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9,
              "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-03-15T01:15:57.997",
        "references": [
          {
            "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
            "url": "https://jvn.jp/vu/JVNVU99690199/"
          },
          {
            "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
          },
          {
            "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
          }
        ],
        "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-190"
              }
            ],
            "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

ICSA-24-074-14

Vulnerability from csaf_cisa - Published: 2024-03-14 06:00 - Updated: 2024-06-13 06:00

Summary

Mitsubishi Electric MELSEC-Q/L Series (Update B)

Notes

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation: Successful exploitation of these vulnerabilities could allow a remote attacker to be able to read arbitrary information or execute malicious code on a target product by sending a specially crafted packet.

Critical infrastructure sectors: Critical Manufacturing

Countries/areas deployed: Worldwide

Company headquarters location: Japan

Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

CVE-2024-0802

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-468 - Incorrect Pointer Scaling

Affected products

Known affected 22 products

CVE-2024-0803

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 22 products

CVE-2024-1915

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-468 - Incorrect Pointer Scaling

Affected products

Known affected 22 products

CVE-2024-1916

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 22 products

CVE-2024-1917

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 22 products

References

16 references

URL	Category
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-…	external
https://www.cisa.gov/resources-tools/resources/ic…	external
https://www.cisa.gov/sites/default/files/publicat…	external
https://www.cisa.gov/topics/industrial-control-systems	external
https://us-cert.cisa.gov/sites/default/files/reco…	external
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B	external
https://www.cisa.gov/uscert/sites/default/files/p…	external
https://www.cisa.gov/uscert/ncas/tips/ST04-014	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external

Acknowledgments

Positive Technologies Anton Dorfman

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Anton Dorfman"
        ],
        "organization": "Positive Technologies",
        "summary": "reporting these vulnerabilities to Mitsubishi Electric"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow a remote attacker to be able to read arbitrary information or execute malicious code on a target product by sending a specially crafted packet.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-074-14 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-074-14.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-074-14 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Mitsubishi Electric MELSEC-Q/L Series (Update B)",
    "tracking": {
      "current_release_date": "2024-06-13T06:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-074-14",
      "initial_release_date": "2024-03-14T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-03-14T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2024-05-16T06:00:00.000000Z",
          "legacy_version": "Update A",
          "number": "2",
          "summary": "Update A - Update to the affected products and mitigations"
        },
        {
          "date": "2024-06-13T06:00:00.000000Z",
          "legacy_version": "Update B",
          "number": "3",
          "summary": "Update B - Update to the affected products and mitigations"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q03UDECPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q03UDECPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q04UDEHCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q04UDEHCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q06UDEHCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q06UDEHCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q10UDEHCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q10UDEHCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q13UDEHCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q13UDEHCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q20UDEHCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q20UDEHCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q26UDEHCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q26UDEHCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q50UDEHCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q50UDEHCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q100UDEHCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q100UDEHCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q03UDVCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0010"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q03UDVCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q04UDVCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q04UDVCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q06UDVCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0012"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q06UDVCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q13UDVCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0013"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q13UDVCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q26UDVCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0014"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q26UDVCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q04UDPVCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q04UDPVCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q06UDPVCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q06UDPVCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q13UDPVCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q13UDPVCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26061\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-Q Series Q26UDPVCPU: \u003c=The_first_5_digits_of_serial_No._\"26061\"",
                  "product_id": "CSAFPID-0018"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-Q Series Q26UDPVCPU"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26041\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-L Series L02CPU(-P): \u003c=The_first_5_digits_of_serial_No._\"26041\"",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-L Series L02CPU(-P)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26041\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-L Series L06CPU(-P): \u003c=The_first_5_digits_of_serial_No._\"26041\"",
                  "product_id": "CSAFPID-0020"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-L Series L06CPU(-P)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26041\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-L Series L26CPU(-P): \u003c=The_first_5_digits_of_serial_No._\"26041\"",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-L Series L26CPU(-P)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=The_first_5_digits_of_serial_No._\"26041\"",
                "product": {
                  "name": "Mitsubishi Electric MELSEC-L Series L26CPU-(P)BT: \u003c=The_first_5_digits_of_serial_No._\"26041\"",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC-L Series L26CPU-(P)BT"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0802",
      "cwe": {
        "id": "CWE-468",
        "name": "Incorrect Pointer Scaling"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Mitsubishi Electric MELSEC-Q/L Series a remote attacker may be able to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011",
          "CSAFPID-0012",
          "CSAFPID-0013",
          "CSAFPID-0014",
          "CSAFPID-0015",
          "CSAFPID-0016",
          "CSAFPID-0017",
          "CSAFPID-0018",
          "CSAFPID-0019",
          "CSAFPID-0020",
          "CSAFPID-0021",
          "CSAFPID-0022"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0802"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric released the fixed version of the product:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "MELSEC-Q Series Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-Q Series Q03/04/06/13/26UDVCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-Q Series Q04/06/13/26UDPVCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-L Series L02/06/26CPU(-P), L26CPU-(P)BT: firmware versions where the first 5 digits of serial No. \"26042\" or later",
          "product_ids": [
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that users consider replacing with MELSEC iQ-R Series.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use within a LAN and block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict physical access to the affected product as well as to the personal computers and the network devices that can communicate with it.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Install antivirus software on your personal computer that can access the affected product.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "For specific additional details, see Mitsubishi Electric advisory 2023-024.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-0803",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Mitsubishi Electric MELSEC-Q/L Series a remote attacker may be able to execute malicious code on a target product by sending a specially crafted packet",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011",
          "CSAFPID-0012",
          "CSAFPID-0013",
          "CSAFPID-0014",
          "CSAFPID-0015",
          "CSAFPID-0016",
          "CSAFPID-0017",
          "CSAFPID-0018",
          "CSAFPID-0019",
          "CSAFPID-0020",
          "CSAFPID-0021",
          "CSAFPID-0022"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0803"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric released the fixed version of the product:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "MELSEC-Q Series Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-Q Series Q03/04/06/13/26UDVCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-Q Series Q04/06/13/26UDPVCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-L Series L02/06/26CPU(-P), L26CPU-(P)BT: firmware versions where the first 5 digits of serial No. \"26042\" or later",
          "product_ids": [
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that users consider replacing with MELSEC iQ-R Series.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use within a LAN and block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict physical access to the affected product as well as to the personal computers and the network devices that can communicate with it.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Install antivirus software on your personal computer that can access the affected product.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "For specific additional details, see Mitsubishi Electric advisory 2023-024.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-1915",
      "cwe": {
        "id": "CWE-468",
        "name": "Incorrect Pointer Scaling"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Mitsubishi Electric MELSEC-Q/L Series a remote attacker may be able to execute malicious code on a target product by sending a specially crafted packet",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011",
          "CSAFPID-0012",
          "CSAFPID-0013",
          "CSAFPID-0014",
          "CSAFPID-0015",
          "CSAFPID-0016",
          "CSAFPID-0017",
          "CSAFPID-0018",
          "CSAFPID-0019",
          "CSAFPID-0020",
          "CSAFPID-0021",
          "CSAFPID-0022"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1915"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric released the fixed version of the product:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "MELSEC-Q Series Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-Q Series Q03/04/06/13/26UDVCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-Q Series Q04/06/13/26UDPVCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-L Series L02/06/26CPU(-P), L26CPU-(P)BT: firmware versions where the first 5 digits of serial No. \"26042\" or later",
          "product_ids": [
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that users consider replacing with MELSEC iQ-R Series.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use within a LAN and block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict physical access to the affected product as well as to the personal computers and the network devices that can communicate with it.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Install antivirus software on your personal computer that can access the affected product.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "For specific additional details, see Mitsubishi Electric advisory 2023-024.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-1916",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Mitsubishi Electric MELSEC-Q/L Series a remote attacker may be able to execute malicious code on a target product by sending a specially crafted packet",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011",
          "CSAFPID-0012",
          "CSAFPID-0013",
          "CSAFPID-0014",
          "CSAFPID-0015",
          "CSAFPID-0016",
          "CSAFPID-0017",
          "CSAFPID-0018",
          "CSAFPID-0019",
          "CSAFPID-0020",
          "CSAFPID-0021",
          "CSAFPID-0022"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1916"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric released the fixed version of the product:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "MELSEC-Q Series Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-Q Series Q03/04/06/13/26UDVCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-Q Series Q04/06/13/26UDPVCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-L Series L02/06/26CPU(-P), L26CPU-(P)BT: firmware versions where the first 5 digits of serial No. \"26042\" or later",
          "product_ids": [
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that users consider replacing with MELSEC iQ-R Series.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use within a LAN and block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict physical access to the affected product as well as to the personal computers and the network devices that can communicate with it.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Install antivirus software on your personal computer that can access the affected product.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "For specific additional details, see Mitsubishi Electric advisory 2023-024.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-1917",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Mitsubishi Electric MELSEC-Q/L Series a remote attacker may be able to execute malicious code on a target product by sending a specially crafted packet",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011",
          "CSAFPID-0012",
          "CSAFPID-0013",
          "CSAFPID-0014",
          "CSAFPID-0015",
          "CSAFPID-0016",
          "CSAFPID-0017",
          "CSAFPID-0018",
          "CSAFPID-0019",
          "CSAFPID-0020",
          "CSAFPID-0021",
          "CSAFPID-0022"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1917"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric released the fixed version of the product:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "MELSEC-Q Series Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-Q Series Q03/04/06/13/26UDVCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-Q Series Q04/06/13/26UDPVCPU: firmware versions where the first 5 digits of serial No. \"26062\" or later",
          "product_ids": [
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC-L Series L02/06/26CPU(-P), L26CPU-(P)BT: firmware versions where the first 5 digits of serial No. \"26042\" or later",
          "product_ids": [
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that users consider replacing with MELSEC iQ-R Series.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that customers take the following mitigation measures to minimize the risk of exploiting these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use within a LAN and block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict physical access to the affected product as well as to the personal computers and the network devices that can communicate with it.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "Install antivirus software on your personal computer that can access the affected product.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "For specific additional details, see Mitsubishi Electric advisory 2023-024.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Product	Version	Remediation
Mitsubishi Electric MELSEC-Q Series Q03UDECPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q03UDECPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Vendor Fix Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q04UDEHCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q04UDEHCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Vendor Fix Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q06UDEHCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q06UDEHCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Vendor Fix Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q10UDEHCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q10UDEHCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Vendor Fix Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q13UDEHCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q13UDEHCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Vendor Fix Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q20UDEHCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q20UDEHCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Vendor Fix Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q26UDEHCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q26UDEHCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Vendor Fix Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q50UDEHCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q50UDEHCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Vendor Fix Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q100UDEHCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q100UDEHCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Vendor Fix Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q03UDVCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q03UDVCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q04UDVCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q04UDVCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q06UDVCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q06UDVCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q13UDVCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q13UDVCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q26UDVCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q26UDVCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q04UDPVCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q04UDPVCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q06UDPVCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q06UDPVCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q13UDPVCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q13UDPVCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-Q Series Q26UDPVCPU: <=The_first_5_digits_of_serial_No._"26061" Mitsubishi Electric / MELSEC-Q Series Q26UDPVCPU	<=The_first_5_digits_of_serial_No._"26061"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-L Series L02CPU(-P): <=The_first_5_digits_of_serial_No._"26041" Mitsubishi Electric / MELSEC-L Series L02CPU(-P)	<=The_first_5_digits_of_serial_No._"26041"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-L Series L06CPU(-P): <=The_first_5_digits_of_serial_No._"26041" Mitsubishi Electric / MELSEC-L Series L06CPU(-P)	<=The_first_5_digits_of_serial_No._"26041"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-L Series L26CPU(-P): <=The_first_5_digits_of_serial_No._"26041" Mitsubishi Electric / MELSEC-L Series L26CPU(-P)	<=The_first_5_digits_of_serial_No._"26041"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix
Mitsubishi Electric MELSEC-L Series L26CPU-(P)BT: <=The_first_5_digits_of_serial_No._"26041" Mitsubishi Electric / MELSEC-L Series L26CPU-(P)BT	<=The_first_5_digits_of_serial_No._"26041"	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix

Action not permitted

CVE-2024-0803 (GCVE-0-2024-0803)

FKIE_CVE-2024-0803

GHSA-PF86-QC75-C29X

GSD-2024-0803

ICSA-24-074-14

Tags

Sightings

Nomenclature