CVE-2024-1917 - Vulnerability Details

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://jvn.jp/vu/JVNVU99690199/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2024-03-15T00:02:39.351Z

Updated: 2024-08-27T19:58:12.567Z

Reserved: 2024-02-27T06:32:47.752Z

Link: CVE-2024-1917

Vulnrichment

Updated: 2024-08-01T18:56:22.476Z

NVD

Status : Awaiting Analysis

Published: 2024-03-15T01:15:58.590

Modified: 2024-11-21T08:51:35.613

Link: CVE-2024-1917

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1917", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "dateReserved": "2024-02-27T06:32:47.752Z", "datePublished": "2024-03-15T00:02:39.351Z", "dateUpdated": "2024-08-27T19:58:12.567Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q03UDECPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q10UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q20UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q50UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q100UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q03UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L02CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L06CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L02CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L06CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-BT", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-PBT", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}], "datePublic": "2024-03-14T03:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."}], "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Remote Code Execution"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-06-14T00:05:06.682Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"tags": ["government-resource"], "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.476Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"tags": ["government-resource", "x_transferred"], "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}]}, {"affected": [{"vendor": "mitsubishielectric", "product": "melsec_q-q03udecpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q04udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q06udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q10udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q13udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q20udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q26udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q50udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q100udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q03udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q04udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q06udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q13udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q26udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q06udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q13udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q26udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "l02cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_l06cpu\\(-p\\)", "cpes": ["cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_l26cpu\\(-p\\)", "cpes": ["cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l02cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l06cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l26cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "l26cpu-bt", "cpes": ["cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l26cpu-pbt", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-27T19:57:53.325242Z", "id": "CVE-2024-1917", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T19:58:12.567Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://jvn.jp/vu/JVNVU99690199/", "tags": ["government-resource", "x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.476Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1917", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-27T19:57:53.325242Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q03udecpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q04udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q06udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q10udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q13udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q20udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q26udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q50udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q100udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q03udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q04udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q06udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q13udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q26udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q06udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q13udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q26udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "l02cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_l06cpu\\(-p\\)", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_l26cpu\\(-p\\)", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l02cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l06cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l26cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "l26cpu-bt", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l26cpu-pbt", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T19:58:00.940Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Remote Code Execution"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q03UDECPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q10UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q20UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q50UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q100UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q03UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L02CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L06CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L02CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L06CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-BT", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-PBT", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}], "datePublic": "2024-03-14T03:00:00.000Z", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "tags": ["vendor-advisory"]}, {"url": "https://jvn.jp/vu/JVNVU99690199/", "tags": ["government-resource"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.", "supportingMedia": [{"type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-06-14T00:05:06.682Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1917", "state": "PUBLISHED", "dateUpdated": "2024-08-27T19:58:12.567Z", "dateReserved": "2024-02-27T06:32:47.752Z", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "datePublished": "2024-03-15T00:02:39.351Z", "assignerShortName": "Mitsubishi"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."}, {"lang": "es", "value": "Vulnerabilidad de desbordamiento de enteros o envoltura en los m\u00f3dulos de CPU de las series MELSEC-Q y MELSEC-L de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado ejecute c\u00f3digo malicioso en un producto objetivo enviando un paquete especialmente manipulado."}], "id": "CVE-2024-1917", "lastModified": "2024-11-21T08:51:35.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}, "published": "2024-03-15T01:15:58.590", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object