github - ghsa-jgg2-5cv9-85wh

ghsa-jgg2-5cv9-85wh

Vulnerability from github

Published

2024-10-18 00:31

Modified

2024-10-18 00:31

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-7316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-17T22:15:03Z",
    "severity": "MODERATE"
  },
  "details": "Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.",
  "id": "GHSA-jgg2-5cv9-85wh",
  "modified": "2024-10-18T00:31:16Z",
  "published": "2024-10-18T00:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7316"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU92054409/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-03"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-007_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-7316

Vulnerability from cvelistv5

Published

2024-10-17 21:52

Modified

2024-10-18 20:09

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series

References

▼	URL	Tags
	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-007_en.pdf	vendor-advisory
	https://jvn.jp/vu/JVNVU92054409/index.html	government-resource
	https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-03	government-resource

Impacted products

▼	Vendor	Product
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M800V Series M800VW
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M800V Series M800VS
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M80V Series M80V
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M80V Series M80VW
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M800 Series M800W
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M800 Series M800S
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M80 Series M80
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M80 Series M80W
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC E80 Series E80
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC C80 Series C80
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M700V Series M720VW
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M700V Series M730VW
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M700V Series M750VW
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M700V Series M720VS
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M700V Series M730VS
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M700V Series M750VS
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC M70V Series M70V
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC E70 Series E70
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC Software Tools NC Trainer2
	Mitsubishi Electric Corporation	Mitsubishi Electric CNC Software Tools NC Trainer2 plus

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7316",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T20:09:24.254479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-18T20:09:37.573Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M800V Series M800VW",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2051W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M800V Series M800VS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2052W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M80V Series M80V",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2053W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M80V Series M80VW",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2054W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M800 Series M800W",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2005W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M800 Series M800S",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2006W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M80 Series M80",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2007W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M80 Series M80W",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2008W000all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC E80 Series E80",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2009W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC C80 Series C80",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-2036W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M700V Series M720VW",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1015W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M700V Series M730VW",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1015W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M700V Series M750VW",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1015W002 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M700V Series M720VS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1012W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M700V Series M730VS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1012W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M700V Series M750VS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1012W002 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC M70V Series M70V",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1018W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC E70 Series E70",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1022W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC Software Tools NC Trainer2",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1802W000 all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mitsubishi Electric CNC Software Tools NC Trainer2 plus",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "System Number BND-1803W000 all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop."
            }
          ],
          "value": "Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of Service (DoS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-17T21:52:22.864Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-007_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU92054409/index.html"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-03"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2024-7316",
    "datePublished": "2024-10-17T21:52:22.864Z",
    "dateReserved": "2024-07-30T22:11:46.399Z",
    "dateUpdated": "2024-10-18T20:09:37.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted