CVE-2024-1915

Summary

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi Electric CorporationMELSEC-Q Series Q03UDECPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q04UDEHCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q06UDEHCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q10UDEHCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q13UDEHCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q20UDEHCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q26UDEHCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q50UDEHCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q100UDEHCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q03UDVCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q04UDVCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q06UDVCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q13UDVCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q26UDVCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q04UDPVCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q06UDPVCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q13UDPVCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-Q Series Q26UDPVCPUThe first 5 digits of serial No. "26061" and prioraffected
Mitsubishi Electric CorporationMELSEC-L Series L02CPUThe first 5 digits of serial No. "26041" and prioraffected
Mitsubishi Electric CorporationMELSEC-L Series L06CPUThe first 5 digits of serial No. "26041" and prioraffected
Mitsubishi Electric CorporationMELSEC-L Series L26CPUThe first 5 digits of serial No. "26041" and prioraffected
Mitsubishi Electric CorporationMELSEC-L Series L02CPU-PThe first 5 digits of serial No. "26041" and prioraffected
Mitsubishi Electric CorporationMELSEC-L Series L06CPU-PThe first 5 digits of serial No. "26041" and prioraffected
Mitsubishi Electric CorporationMELSEC-L Series L26CPU-PThe first 5 digits of serial No. "26041" and prioraffected
Mitsubishi Electric CorporationMELSEC-L Series L26CPU-BTThe first 5 digits of serial No. "26041" and prioraffected
Mitsubishi Electric CorporationMELSEC-L Series L26CPU-PBTThe first 5 digits of serial No. "26041" and prioraffected

Weaknesses

  • CWE-468: CWE-468 Incorrect Pointer Scaling

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References