var-201905-1060
Vulnerability from variot
In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan's Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The following MELSEC-Q series PLCs are affected: QJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "qj71e71-100",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "20121"
},
{
"model": "qj71e71-100",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishi electric",
"version": "( above the serial number 5 digits 20121 previous version )"
},
{
"model": "electric melsec-q series plcs j71e71-100 serial number",
"scope": "lte",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "\u003c=20121"
},
{
"model": "electric qj71e71-100",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20121"
},
{
"model": "electric qj71e71-100",
"scope": "eq",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "18072"
},
{
"model": "electric qj71e71-100",
"scope": "ne",
"trust": 0.3,
"vendor": "mitsubishi",
"version": "20122"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mitsubishielectric:qj71e71-100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20121",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mitsubishielectric:qj71e71-100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Younes Dragoni and Alessandro Di Pinto of Nozomi Networks,Younes Dragoni and Alessandro Di Pinto of Nozomi Networks reported this vulnerability to Mitsubishi and NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10977",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-003963",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-16527",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-142577",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-003963",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10977",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2019-003963",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-16527",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-839",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142577",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. Provided by Mitsubishi Electric Corporation MELSEC-Q Series Ethernet Interface unit FTP Functions include service disruption (DoS) (CWE-400) Vulnerabilities exist. The Mitsubishi Electric MELSEC-QseriesEthernetmoduleQJ71E71-100 is an Ethernet module from Japan\u0027s Mitsubishi Electric. A remote denial of service vulnerability exists in MitsubishiElectricMELSEC-QSeriesPLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThe following MELSEC-Q series PLCs are affected:\nQJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10977"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "VULHUB",
"id": "VHN-142577"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10977",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-141-02",
"trust": 2.8
},
{
"db": "BID",
"id": "108419",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU93268101",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-16527",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1867",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142577",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
]
},
"id": "VAR-201905-1060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
}
]
},
"last_update_date": "2023-12-18T12:00:06.789000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u304a\u554f\u3044\u5408\u308f\u305b | \u4e09\u83f1\u96fb\u6a5f FA",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/fa/support/purchase/index.html"
},
{
"title": "Patch for MitsubishiElectricMELSEC-QSeriesPLCs Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/163035"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/108419"
},
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-141-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10977"
},
{
"trust": 0.9,
"url": "http://www.mitsubishi-automation.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10977"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93268101/"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-10977"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1867/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"db": "VULHUB",
"id": "VHN-142577"
},
{
"db": "BID",
"id": "108419"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"db": "NVD",
"id": "CVE-2019-10977"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"date": "2019-05-23T00:00:00",
"db": "VULHUB",
"id": "VHN-142577"
},
{
"date": "2019-05-21T00:00:00",
"db": "BID",
"id": "108419"
},
{
"date": "2019-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"date": "2019-05-23T14:29:07.610000",
"db": "NVD",
"id": "CVE-2019-10977"
},
{
"date": "2019-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16527"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-142577"
},
{
"date": "2019-05-21T00:00:00",
"db": "BID",
"id": "108419"
},
{
"date": "2019-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003963"
},
{
"date": "2020-10-02T13:33:12.300000",
"db": "NVD",
"id": "CVE-2019-10977"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Mitsubishi Electric MELSEC-Q series Ethernet Service operation interruption in the interface unit (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003963"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-839"
}
],
"trust": 0.6
}
}
Loading...