ID
VAR-201911-1188
CVE
CVE-2019-13555
TITLE
Made by Mitsubishi Electric MELSEC-Q series CPU Unit and MELSEC-L series CPU Unit FTP Server function resource exhaustion vulnerability
Trust: 0.8
DESCRIPTION
In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. Provided by Mitsubishi Electric Corporation MELSEC-Q series CPU Unit and MELSEC-L series CPU Unit FTP The server function has a resource exhaustion vulnerability (CWE-400) Exists. Of the product FTP Server function interferes with service operation (DoS) It may be in a state. This vulnerability information is used by developers for the purpose of disseminating to product users. JPCERT/CC To report to JPCERT/CC Coordinated with the developer.Of the product FTP Server function interferes with service operation (DoS) By becoming a state, FTP The client FTP You will not be able to connect to the server. According to the developer, the vulnerability affects FTP It is only a server function. The Mitsubishi Electric MELSEC-Q Series is a MELSEC-Q series programmable logic controller from Mitsubishi Electric Corporation of Japan. The Mitsubishi MELSEC-L Series is a MELSEC-L series programmable logic controller from Mitsubishi Corporation of Japan
Trust: 2.43
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.2 |
AFFECTED PRODUCTS
| vendor: | mitsubishielectric | model: | l26cpu-bt-cm | scope: | lte | version: | 21101 | Trust: 1.0 |
| vendor: | mitsubishielectric | model: | l02\/06\/26cpu-cm | scope: | lte | version: | 21101 | Trust: 1.0 |
| vendor: | mitsubishielectric | model: | l02\/06\/26cpu | scope: | lte | version: | 21101 | Trust: 1.0 |
| vendor: | mitsubishielectric | model: | l26cpu-bt | scope: | lte | version: | 21101 | Trust: 1.0 |
| vendor: | mitsubishielectric | model: | l02\/06\/26cpu-p | scope: | lte | version: | 21101 | Trust: 1.0 |
| vendor: | mitsubishielectric | model: | q03udecpu | scope: | lte | version: | 21081 | Trust: 1.0 |
| vendor: | mitsubishielectric | model: | l26cpu-pbt | scope: | lte | version: | 21101 | Trust: 1.0 |
| vendor: | mitsubishielectric | model: | q03\/04\/06\/13\/26udvcpu | scope: | lte | version: | 21081 | Trust: 1.0 |
| vendor: | mitsubishielectric | model: | q04\/06\/13\/26udpvcpu | scope: | lte | version: | 21081 | Trust: 1.0 |
| vendor: | mitsubishielectric | model: | q04\/06\/10\/13\/20\/26\/50\/100udehcpu | scope: | lte | version: | 21081 | Trust: 1.0 |
| vendor: | mitsubishi electric | model: | melsec-l series cpu unit | scope: | eq | version: | l02/06/26cpu | Trust: 0.8 |
| vendor: | mitsubishi electric | model: | melsec-l series cpu unit | scope: | lte | version: | l26cpu-bt ( top serial number 5 digits 21101 ) | Trust: 0.8 |
| vendor: | mitsubishi electric | model: | melsec-l series cpu unit | scope: | eq | version: | l02/06/26cpu-cm | Trust: 0.8 |
| vendor: | mitsubishi electric | model: | melsec-l series cpu unit | scope: | lte | version: | l26cpu-bt-cm ( top serial number 5 digits 21101 ) | Trust: 0.8 |
| vendor: | mitsubishi electric | model: | melsec-l series cpu unit | scope: | eq | version: | l02/06/26cpu-p | Trust: 0.8 |
| vendor: | mitsubishi electric | model: | melsec-l series cpu unit | scope: | lte | version: | l26cpu-pbt ( top serial number 5 digits 21101 ) | Trust: 0.8 |
| vendor: | mitsubishi electric | model: | melsec-q series cpu unit | scope: | lte | version: | q03/04/06/13/26udvcpu ( top serial number 5 digits 21081 ) | Trust: 0.8 |
| vendor: | mitsubishi electric | model: | melsec-q series cpu unit | scope: | eq | version: | q03udecpu | Trust: 0.8 |
| vendor: | mitsubishi electric | model: | melsec-q series cpu unit | scope: | lte | version: | q04/06/10/13/20/26/50/100udehcpu ( top serial number 5 digits 21081 ) | Trust: 0.8 |
| vendor: | mitsubishi electric | model: | melsec-q series cpu unit | scope: | lte | version: | q04/06/13/26udpvcpu ( top serial number 5 digits 21081 ) | Trust: 0.8 |
| vendor: | mitsubishi | model: | electric mitsubishi electric melsec-q series <=q03/04/06/13/26udvcpu | scope: | eq | version: | 21081 | Trust: 0.6 |
| vendor: | mitsubishi | model: | electric mitsubishi electric melsec-q series <=q04/06/13/26udpvcpu | scope: | eq | version: | 21081 | Trust: 0.6 |
| vendor: | mitsubishi | model: | electric mitsubishi electric melsec-q series <=q03udecpu q04/06/10/13/20/26/50/100udehcpu | scope: | eq | version: | 21081 | Trust: 0.6 |
| vendor: | mitsubishi | model: | electric mitsubishi melsec-l series <=l26cpu-bt | scope: | eq | version: | 21101 | Trust: 0.6 |
| vendor: | mitsubishi | model: | electric mitsubishi melsec-l series <=l02/06/26cpu-p | scope: | eq | version: | 21101 | Trust: 0.6 |
| vendor: | mitsubishi | model: | electric mitsubishi melsec-l series <=l26cpu-pbt | scope: | eq | version: | 21101 | Trust: 0.6 |
| vendor: | mitsubishi | model: | electric mitsubishi melsec-l series <=l02/06/26cpu-cm | scope: | eq | version: | 21101 | Trust: 0.6 |
| vendor: | mitsubishi | model: | electric mitsubishi melsec-l series <=l26cpu-bt-cm | scope: | eq | version: | 21101 | Trust: 0.6 |
| vendor: | mitsubishi | model: | electric mitsubishi melsec-l series <=l02/06/26cpu | scope: | eq | version: | 21101 | Trust: 0.6 |
| vendor: | mitsubishielectric | model: | l26cpu-bt | scope: | eq | version: | 21101 | Trust: 0.6 |
| vendor: | mitsubishielectric | model: | l26cpu-bt | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | mitsubishielectric | model: | l26cpu-pbt | scope: | eq | version: | 21101 | Trust: 0.6 |
| vendor: | mitsubishielectric | model: | q03udecpu | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | mitsubishielectric | model: | q03udecpu | scope: | eq | version: | 21081 | Trust: 0.6 |
| vendor: | q03 04 06 13 26udvcpu | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | l26cpu bt cm | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | q04 06 13 26udpvcpu | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | q03udecpu | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | q04 06 10 13 20 26 50 100udehcpu | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | l02 06 26cpu | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | l26cpu bt | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | l02 06 26cpu p | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | l26cpu pbt | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | l02 06 26cpu cm | model: | - | scope: | eq | version: | * | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-400 | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Resource management error
Trust: 0.8
CONFIGURATIONS
PATCH
| title: | MELSEC-QシリーズCPU、およびMELSEC-LシリーズCPUにおけるFTPサーバ機能の脆弱性 | url: | https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-002.pdf | Trust: 0.8 |
| title: | Patch for Mitsubishi Electric MELSEC-Q Series and Mitsubishi MELSEC-L Series Resource Management Error Vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/191107 | Trust: 0.6 |
| title: | Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series Remediation of resource management error vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103038 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-13555 | Trust: 3.3 |
| db: | ICS CERT | id: | ICSA-19-311-01 | Trust: 3.1 |
| db: | CNVD | id: | CNVD-2019-41428 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201911-424 | Trust: 0.8 |
| db: | JVN | id: | JVNVU97094124 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2019-011686 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2019.4209 | Trust: 0.6 |
| db: | IVD | id: | 00D06E5F-E8D7-433D-9E94-3FF51C3E39B6 | Trust: 0.2 |
| db: | VULMON | id: | CVE-2019-13555 | Trust: 0.1 |
REFERENCES
| url: | https://www.us-cert.gov/ics/advisories/icsa-19-311-01 | Trust: 3.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-13555 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13555 | Trust: 0.8 |
| url: | http://jvn.jp/cert/jvnvu97094124 | Trust: 0.8 |
| url: | https://www.auscert.org.au/bulletins/esb-2019.4209/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/400.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | IVD | id: | 00d06e5f-e8d7-433d-9e94-3ff51c3e39b6 |
| db: | CNVD | id: | CNVD-2019-41428 |
| db: | VULMON | id: | CVE-2019-13555 |
| db: | JVNDB | id: | JVNDB-2019-011686 |
| db: | CNNVD | id: | CNNVD-201911-424 |
| db: | NVD | id: | CVE-2019-13555 |
LAST UPDATE DATE
2024-11-23T23:04:35.531000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-41428 | date: | 2019-11-20T00:00:00 |
| db: | VULMON | id: | CVE-2019-13555 | date: | 2019-11-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-011686 | date: | 2019-12-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-201911-424 | date: | 2019-11-19T00:00:00 |
| db: | NVD | id: | CVE-2019-13555 | date: | 2024-11-21T04:25:08.387 |
SOURCES RELEASE DATE
| db: | IVD | id: | 00d06e5f-e8d7-433d-9e94-3ff51c3e39b6 | date: | 2019-11-20T00:00:00 |
| db: | CNVD | id: | CNVD-2019-41428 | date: | 2019-11-20T00:00:00 |
| db: | VULMON | id: | CVE-2019-13555 | date: | 2019-11-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-011686 | date: | 2019-11-15T00:00:00 |
| db: | CNNVD | id: | CNNVD-201911-424 | date: | 2019-11-07T00:00:00 |
| db: | NVD | id: | CVE-2019-13555 | date: | 2019-11-13T23:15:11.327 |