CVE-2019-13555

In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsa-19-311-01	Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-19-311-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mitsubishielectric:q03\/04\/06\/13\/26udvcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q03\/04\/06\/13\/26udvcpu:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:mitsubishielectric:q04\/06\/13\/26udpvcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q04\/06\/13\/26udpvcpu:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:mitsubishielectric:q03udecpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q03udecpu:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:mitsubishielectric:q04\/06\/10\/13\/20\/26\/50\/100udehcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:q04\/06\/10\/13\/20\/26\/50\/100udehcpu:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:mitsubishielectric:l02\/06\/26cpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l02\/06\/26cpu:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:mitsubishielectric:l26cpu-bt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:mitsubishielectric:l02\/06\/26cpu-p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l02\/06\/26cpu-p:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:mitsubishielectric:l26cpu-pbt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l26cpu-pbt:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:mitsubishielectric:l02\/06\/26cpu-cm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l02\/06\/26cpu-cm:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:mitsubishielectric:l26cpu-bt-cm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:l26cpu-bt-cm:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:25

Type	Values Removed	Values Added
References	~~() https://www.us-cert.gov/ics/advisories/icsa-19-311-01 - Third Party Advisory, US Government Resource~~	() https://www.us-cert.gov/ics/advisories/icsa-19-311-01 - Third Party Advisory, US Government Resource

Information

Published : 2019-11-13 23:15

Updated : 2024-11-21 04:25

NVD link : CVE-2019-13555

Mitre link : CVE-2019-13555

CVE.ORG link : CVE-2019-13555

JSON object : View

Products Affected

mitsubishielectric

l02\/06\/26cpu_firmware
q03\/04\/06\/13\/26udvcpu_firmware
q03udecpu
l26cpu-pbt
l26cpu-bt-cm
q03\/04\/06\/13\/26udvcpu
q04\/06\/13\/26udpvcpu
q04\/06\/10\/13\/20\/26\/50\/100udehcpu
l26cpu-bt
q04\/06\/13\/26udpvcpu_firmware
l02\/06\/26cpu-p
l26cpu-pbt_firmware
l02\/06\/26cpu-cm
l02\/06\/26cpu
l02\/06\/26cpu-cm_firmware
q04\/06\/10\/13\/20\/26\/50\/100udehcpu_firmware
l26cpu-bt-cm_firmware
q03udecpu_firmware
l26cpu-bt_firmware
l02\/06\/26cpu-p_firmware

CWE

CWE-400

Uncontrolled Resource Consumption

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-13555

5.9^/10

4.3^/10

Attach tags to `CVE-2019-13555`