Vulnerabilites related to Mitsubishi Electric - MELSEC Q series
jvndb-2020-002958
Vulnerability from jvndb
Published
2020-03-31 13:37
Modified
2020-04-01 14:45
Severity ?
Summary
Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port
Details
MELSOFT transmission port (UDP/IP) of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue (CWE-400). When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition.
Mitsubishi Electric Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
| ► | Type | URL | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-002958.html",
"dc:date": "2020-04-01T14:45+09:00",
"dcterms:issued": "2020-03-31T13:37+09:00",
"dcterms:modified": "2020-04-01T14:45+09:00",
"description": "MELSOFT transmission port (UDP/IP) of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue (CWE-400). When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition.\r\n\r\nMitsubishi Electric Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-002958.html",
"sec:cpe": [
{
"#text": "cpe:/a:mitsubishielectric:melsec_f_series",
"@product": "MELSEC F series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-l_firmware",
"@product": "MELSEC L series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-q_firmware",
"@product": "MELSEC Q series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-f_firmware",
"@product": "MELSEC iQ-F series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-r_firmware",
"@product": "MELSEC iQ-R series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-002958",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91553662/",
"@id": "JVNVU#91553662",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5527",
"@id": "CVE-2020-5527",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5527",
"@id": "CVE-2020-5527",
"@source": "NVD"
},
{
"#text": "https://www.us-cert.gov/ics/advisories/icsa-20-091-02",
"@id": "ICSA-20-091-02",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://cwe.mitre.org/data/definitions/400.html",
"@id": "CWE-400",
"@title": "Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)(CWE-400)"
}
],
"title": "Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port"
}
jvndb-2020-005854
Vulnerability from jvndb
Published
2020-06-24 10:32
Modified
2020-06-24 10:32
Severity ?
Summary
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information
Details
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.
References
| ► | Type | URL | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
"dc:date": "2020-06-24T10:32+09:00",
"dcterms:issued": "2020-06-24T10:32+09:00",
"dcterms:modified": "2020-06-24T10:32+09:00",
"description": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information (CWE-319) between CPU modules and GX Works3 and/or GX Works2.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005854.html",
"sec:cpe": [
{
"#text": "cpe:/o:mitsubishielectric:melsec-fx_firmware",
"@product": "MELSEC FX series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-l_firmware",
"@product": "MELSEC L series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec-q_firmware",
"@product": "MELSEC Q series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-f_firmware",
"@product": "MELSEC iQ-F series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
},
{
"#text": "cpe:/o:mitsubishielectric:melsec_iq-r_firmware",
"@product": "MELSEC iQ-R series",
"@vendor": "Mitsubishi Electric",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "10.0",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2020-005854",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91424496/",
"@id": "JVNVU#91424496",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5594",
"@id": "CVE-2020-5594",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5594",
"@id": "CVE-2020-5594",
"@source": "NVD"
},
{
"#text": "https://www.us-cert.gov/ics/advisories/icsa-20-175-01",
"@id": "ICSA-20-175-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://cwe.mitre.org/data/definitions/319.html",
"@id": "CWE-319",
"@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
}
],
"title": "Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information"
}