FKIE_CVE-2019-13555

Vulnerability from fkie_nvd - Published: 2019-11-13 23:15 - Updated: 2024-11-21 04:25
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules.
References
ics-cert@hq.dhs.govhttps://www.us-cert.gov/ics/advisories/icsa-19-311-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.us-cert.gov/ics/advisories/icsa-19-311-01Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
mitsubishielectric q03\/04\/06\/13\/26udvcpu_firmware *
mitsubishielectric q03\/04\/06\/13\/26udvcpu -
mitsubishielectric q04\/06\/13\/26udpvcpu_firmware *
mitsubishielectric q04\/06\/13\/26udpvcpu -
mitsubishielectric q03udecpu_firmware *
mitsubishielectric q03udecpu -
mitsubishielectric q04\/06\/10\/13\/20\/26\/50\/100udehcpu_firmware *
mitsubishielectric q04\/06\/10\/13\/20\/26\/50\/100udehcpu -
mitsubishielectric l02\/06\/26cpu_firmware *
mitsubishielectric l02\/06\/26cpu -
mitsubishielectric l26cpu-bt_firmware *
mitsubishielectric l26cpu-bt -
mitsubishielectric l02\/06\/26cpu-p_firmware *
mitsubishielectric l02\/06\/26cpu-p -
mitsubishielectric l26cpu-pbt_firmware *
mitsubishielectric l26cpu-pbt -
mitsubishielectric l02\/06\/26cpu-cm_firmware *
mitsubishielectric l02\/06\/26cpu-cm -
mitsubishielectric l26cpu-bt-cm_firmware *
mitsubishielectric l26cpu-bt-cm -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:q03\\/04\\/06\\/13\\/26udvcpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3FFA52F-3934-465F-B9E6-615ABE53DCE2",
              "versionEndIncluding": "21081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:q03\\/04\\/06\\/13\\/26udvcpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BADFAFAD-D3A2-4802-BB8B-46340D3D9550",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:q04\\/06\\/13\\/26udpvcpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73DD8BA5-CFE9-4CE2-9FB4-03588EA7CE76",
              "versionEndIncluding": "21081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:q04\\/06\\/13\\/26udpvcpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F44F9695-BD0E-48E8-B0B4-5BF6DF07B612",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:q03udecpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9E2B6C-0039-447A-8513-01D84C44AC06",
              "versionEndIncluding": "21081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:q03udecpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "946DA26E-A6B2-46F6-BA81-A92133124823",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:q04\\/06\\/10\\/13\\/20\\/26\\/50\\/100udehcpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "092CBA40-1034-4E91-9576-01895AF686ED",
              "versionEndIncluding": "21081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:q04\\/06\\/10\\/13\\/20\\/26\\/50\\/100udehcpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C545FF-8695-4F1C-BAD7-EFF6731908D2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:l02\\/06\\/26cpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF8CDCC-8A45-449B-84A7-417ADF536199",
              "versionEndIncluding": "21101",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:l02\\/06\\/26cpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9358A26E-5619-429F-B446-D6F7E9914889",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:l26cpu-bt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C33950-5B33-4315-88D9-4B8107847ECD",
              "versionEndIncluding": "21101",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3966C103-5181-49E3-878F-A0AF9F1DBA76",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:l02\\/06\\/26cpu-p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFAA052-A72F-401D-91BC-6D8276A11D6D",
              "versionEndIncluding": "21101",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:l02\\/06\\/26cpu-p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "069CB556-4AEB-43E0-91AC-1A69F2C833D9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:l26cpu-pbt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F529865-DB4B-4A94-B950-79F01D92F7CB",
              "versionEndIncluding": "21101",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:l26cpu-pbt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A60BE93D-B60D-4F45-ACD3-7B64C0C45D83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:l02\\/06\\/26cpu-cm_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9CE2836-0F6F-4C78-A5EC-547E9409E31E",
              "versionEndIncluding": "21101",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:l02\\/06\\/26cpu-cm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "93AE7089-00AD-412A-82F5-892421130C18",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:l26cpu-bt-cm_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9A4ABB1-4BEA-474A-9215-968825B12B7A",
              "versionEndIncluding": "21101",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:l26cpu-bt-cm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "553A2CEB-5528-4A9E-800E-D91E5A3C49AE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules."
    },
    {
      "lang": "es",
      "value": "En Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: n\u00famero de serie 21081 y anterior, Q04/06/13/26UDPVCPU: n\u00famero de serie 21081 y anterior, y Q04/06/10/13/20/26/50/100UDEHCPU: n\u00famero de serie 21081 y anterior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: n\u00famero de serie 21101 y anterior, L02/06/26CPU-P, L26CPU-PBT: n\u00famero de serie 21101 y anterior, y L02/06/26CPU-CM, L26CPU-BT-CM: n\u00famero de serie 21101 y anterior, un atacante remoto puede causar que el servicio FTP ingrese en una condici\u00f3n de denegaci\u00f3n de servicio dependiendo de la sincronizaci\u00f3n en la que un atacante remoto conecta con el Servidor FTP en los m\u00f3dulos de CPU anteriores."
    }
  ],
  "id": "CVE-2019-13555",
  "lastModified": "2024-11-21T04:25:08.387",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-13T23:15:11.327",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.