ID

VAR-201905-1060


CVE

CVE-2019-10977


TITLE

Denial-of-service (DoS) vulnerability in the Mitsubishi Electric MELSEC-Q series Ethernet interface module

Trust: 0.8

sources: JVNDB: JVNDB-2019-003963

DESCRIPTION

In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and causing a denial-of-service condition. The FTP function of the MELSEC-Q series Ethernet interface module provided by Mitsubishi Electric Corporation contains a denial-of-service (DoS) vulnerability (CWE-400). The Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 is an Ethernet module from Japan's Mitsubishi Electric. A remote denial-of-service vulnerability exists in Mitsubishi Electric MELSEC-Q Series PLCs that could allow an attacker to cause a denial of service. Mitsubishi Electric MELSEC-Q Series PLCs are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The following MELSEC-Q series PLCs are affected: QJ71E71-100 serial number 20121 and prior. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.

Trust: 2.52

sources: NVD: CVE-2019-10977 // JVNDB: JVNDB-2019-003963 // CNVD: CNVD-2019-16527 // BID: 108419 // VULHUB: VHN-142577

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-16527

AFFECTED PRODUCTS

vendor: mitsubishielectric, model: qj71e71-100, scope: lte, version: 20121

Trust: 1.0

vendor: mitsubishi electric, model: qj71e71-100, scope: eq, version: (first 5 digits of the serial number 20121 and earlier)

Trust: 0.8

vendor: mitsubishi, model: electric melsec-q series plcs j71e71-100 serial number, scope: lte, version: <=20121

Trust: 0.6

vendor: mitsubishi, model: electric qj71e71-100, scope: eq, version: 20121

Trust: 0.3

vendor: mitsubishi, model: electric qj71e71-100, scope: eq, version: 18072

Trust: 0.3

vendor: mitsubishi, model: electric qj71e71-100, scope: ne, version: 20122

Trust: 0.3

sources: CNVD: CNVD-2019-16527 // BID: 108419 // JVNDB: JVNDB-2019-003963 // NVD: CVE-2019-10977

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10977
value: HIGH

Trust: 1.0

IPA: JVNDB-2019-003963
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-16527
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201905-839
value: HIGH

Trust: 0.6

VULHUB: VHN-142577
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10977
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2019-003963
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-16527
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-142577
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10977
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA: JVNDB-2019-003963
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-16527 // VULHUB: VHN-142577 // JVNDB: JVNDB-2019-003963 // CNNVD: CNNVD-201905-839 // NVD: CVE-2019-10977

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-755

Trust: 1.1

sources: VULHUB: VHN-142577 // NVD: CVE-2019-10977

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-839

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201905-839

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003963

PATCH

title: Inquiries | Mitsubishi Electric FA, url: https://www.mitsubishielectric.co.jp/fa/support/purchase/index.html

Trust: 0.8

title: Patch for Mitsubishi Electric MELSEC-Q Series PLCs Remote Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/163035

Trust: 0.6

sources: CNVD: CNVD-2019-16527 // JVNDB: JVNDB-2019-003963

EXTERNAL IDS

db: NVD, id: CVE-2019-10977

Trust: 3.4

db: ICS CERT, id: ICSA-19-141-02

Trust: 2.8

db: BID, id: 108419

Trust: 2.6

db: JVN, id: JVNVU93268101

Trust: 0.8

db: JVNDB, id: JVNDB-2019-003963

Trust: 0.8

db: CNNVD, id: CNNVD-201905-839

Trust: 0.7

db: CNVD, id: CNVD-2019-16527

Trust: 0.6

db: AUSCERT, id: ESB-2019.1867

Trust: 0.6

db: VULHUB, id: VHN-142577

Trust: 0.1

sources: CNVD: CNVD-2019-16527 // VULHUB: VHN-142577 // BID: 108419 // JVNDB: JVNDB-2019-003963 // CNNVD: CNNVD-201905-839 // NVD: CVE-2019-10977

REFERENCES

url:http://www.securityfocus.com/bid/108419

Trust: 2.9

url:https://ics-cert.us-cert.gov/advisories/icsa-19-141-02

Trust: 2.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-10977

Trust: 1.4

url:http://www.mitsubishi-automation.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10977

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93268101/

Trust: 0.8

url:https://web.nvd.nist.gov//vuln/detail/cve-2019-10977

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1867/

Trust: 0.6

sources: CNVD: CNVD-2019-16527 // VULHUB: VHN-142577 // BID: 108419 // JVNDB: JVNDB-2019-003963 // CNNVD: CNNVD-201905-839 // NVD: CVE-2019-10977

CREDITS

Younes Dragoni and Alessandro Di Pinto of Nozomi Networks reported this vulnerability to Mitsubishi and NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201905-839

SOURCES

db: CNVD, id: CNVD-2019-16527
db: VULHUB, id: VHN-142577
db: BID, id: 108419
db: JVNDB, id: JVNDB-2019-003963
db: CNNVD, id: CNNVD-201905-839
db: NVD, id: CVE-2019-10977

LAST UPDATE DATE

2024-08-14T14:45:20.547000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-16527, date: 2019-06-05T00:00:00
db: VULHUB, id: VHN-142577, date: 2020-10-02T00:00:00
db: BID, id: 108419, date: 2019-05-21T00:00:00
db: JVNDB, id: JVNDB-2019-003963, date: 2019-05-24T00:00:00
db: CNNVD, id: CNNVD-201905-839, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-10977, date: 2020-10-02T13:33:12.300

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-16527, date: 2019-06-05T00:00:00
db: VULHUB, id: VHN-142577, date: 2019-05-23T00:00:00
db: BID, id: 108419, date: 2019-05-21T00:00:00
db: JVNDB, id: JVNDB-2019-003963, date: 2019-05-24T00:00:00
db: CNNVD, id: CNNVD-201905-839, date: 2019-05-21T00:00:00
db: NVD, id: CVE-2019-10977, date: 2019-05-23T14:29:07.610