{"id": "CVE-2019-13555", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-11-13T23:15:11.327", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules."}, {"lang": "es", "value": "En Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: n\u00famero de serie 21081 y anterior, Q04/06/13/26UDPVCPU: n\u00famero de serie 21081 y anterior, y Q04/06/10/13/20/26/50/100UDEHCPU: n\u00famero de serie 21081 y anterior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: n\u00famero de serie 21101 y anterior, L02/06/26CPU-P, L26CPU-PBT: n\u00famero de serie 21101 y anterior, y L02/06/26CPU-CM, L26CPU-BT-CM: n\u00famero de serie 21101 y anterior, un atacante remoto puede causar que el servicio FTP ingrese en una condici\u00f3n de denegaci\u00f3n de servicio dependiendo de la sincronizaci\u00f3n en la que un atacante remoto conecta con el Servidor FTP en los m\u00f3dulos de CPU anteriores."}], "lastModified": "2019-11-18T16:32:18.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:q03\\/04\\/06\\/13\\/26udvcpu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3FFA52F-3934-465F-B9E6-615ABE53DCE2", "versionEndIncluding": "21081"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:q03\\/04\\/06\\/13\\/26udvcpu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BADFAFAD-D3A2-4802-BB8B-46340D3D9550"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:q04\\/06\\/13\\/26udpvcpu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73DD8BA5-CFE9-4CE2-9FB4-03588EA7CE76", "versionEndIncluding": "21081"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:q04\\/06\\/13\\/26udpvcpu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F44F9695-BD0E-48E8-B0B4-5BF6DF07B612"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:q03udecpu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C9E2B6C-0039-447A-8513-01D84C44AC06", "versionEndIncluding": "21081"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:q03udecpu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "946DA26E-A6B2-46F6-BA81-A92133124823"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:q04\\/06\\/10\\/13\\/20\\/26\\/50\\/100udehcpu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "092CBA40-1034-4E91-9576-01895AF686ED", "versionEndIncluding": "21081"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:q04\\/06\\/10\\/13\\/20\\/26\\/50\\/100udehcpu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C0C545FF-8695-4F1C-BAD7-EFF6731908D2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:l02\\/06\\/26cpu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AF8CDCC-8A45-449B-84A7-417ADF536199", "versionEndIncluding": "21101"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:l02\\/06\\/26cpu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9358A26E-5619-429F-B446-D6F7E9914889"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:l26cpu-bt_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33C33950-5B33-4315-88D9-4B8107847ECD", "versionEndIncluding": "21101"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3966C103-5181-49E3-878F-A0AF9F1DBA76"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:l02\\/06\\/26cpu-p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BFAA052-A72F-401D-91BC-6D8276A11D6D", "versionEndIncluding": "21101"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:l02\\/06\\/26cpu-p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "069CB556-4AEB-43E0-91AC-1A69F2C833D9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:l26cpu-pbt_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F529865-DB4B-4A94-B950-79F01D92F7CB", "versionEndIncluding": "21101"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:l26cpu-pbt:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A60BE93D-B60D-4F45-ACD3-7B64C0C45D83"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:l02\\/06\\/26cpu-cm_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9CE2836-0F6F-4C78-A5EC-547E9409E31E", "versionEndIncluding": "21101"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:l02\\/06\\/26cpu-cm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "93AE7089-00AD-412A-82F5-892421130C18"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:l26cpu-bt-cm_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9A4ABB1-4BEA-474A-9215-968825B12B7A", "versionEndIncluding": "21101"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:l26cpu-bt-cm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "553A2CEB-5528-4A9E-800E-D91E5A3C49AE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}