← Zuruck zu CVEs
CVE-2019-13555
MEDIUM5.9
Beschreibung
In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules.
CVE Details
CVSS v3.1 Bewertung5.9
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht11/13/2019
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
mitsubishielectric:l02\/06\/26cpumitsubishielectric:l02\/06\/26cpu-cmmitsubishielectric:l02\/06\/26cpu-cm_firmwaremitsubishielectric:l02\/06\/26cpu-pmitsubishielectric:l02\/06\/26cpu-p_firmwaremitsubishielectric:l02\/06\/26cpu_firmwaremitsubishielectric:l26cpu-btmitsubishielectric:l26cpu-bt-cmmitsubishielectric:l26cpu-bt-cm_firmwaremitsubishielectric:l26cpu-bt_firmwaremitsubishielectric:l26cpu-pbtmitsubishielectric:l26cpu-pbt_firmwaremitsubishielectric:q03\/04\/06\/13\/26udvcpumitsubishielectric:q03\/04\/06\/13\/26udvcpu_firmwaremitsubishielectric:q03udecpumitsubishielectric:q03udecpu_firmwaremitsubishielectric:q04\/06\/10\/13\/20\/26\/50\/100udehcpumitsubishielectric:q04\/06\/10\/13\/20\/26\/50\/100udehcpu_firmwaremitsubishielectric:q04\/06\/13\/26udpvcpumitsubishielectric:q04\/06\/13\/26udpvcpu_firmware
Schwachen (CWE)
CWE-400
Referenzen
https://www.us-cert.gov/ics/advisories/icsa-19-311-01(ics-cert@hq.dhs.gov)
https://www.us-cert.gov/ics/advisories/icsa-19-311-01(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.