Lucene search

[email protected]CVE-2024-1917

HistoryMar 15, 2024 - 1:15 a.m.

CVE-2024-1917

2024-03-1501:15:58

CWE-190

[email protected]

web.nvd.nist.gov

cve

2024

1917

integer overflow

wraparound

vulnerability

mitsubishi electric corporation

melsec-q series

melsec-l series

cpu modules

remote unauthenticated attacker

malicious code

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.4%

JSON

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q03UDECPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q04UDEHCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q06UDEHCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q10UDEHCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q13UDEHCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q20UDEHCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q26UDEHCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q50UDEHCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q100UDEHCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q03UDVCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q04UDVCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q06UDVCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q13UDVCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q26UDVCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q04UDPVCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q06UDPVCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q13UDPVCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-Q Series Q26UDPVCPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-L Series L02CPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The first 5 digits of serial No. \"26041\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-L Series L06CPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The first 5 digits of serial No. \"26041\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-L Series L26CPU",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The first 5 digits of serial No. \"26041\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-L Series L02CPU-P",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The first 5 digits of serial No. \"26041\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-L Series L06CPU-P",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The first 5 digits of serial No. \"26041\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-L Series L26CPU-P",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The first 5 digits of serial No. \"26041\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-L Series L26CPU-BT",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The first 5 digits of serial No. \"26041\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC-L Series L26CPU-PBT",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The first 5 digits of serial No. \"26041\" and prior"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU99690199/

www.cisa.gov/news-events/ics-advisories/icsa-24-074-14

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.4%

JSON

Related for CVE-2024-1917

nessus1 cvelist1 nvd1 ics1