CVE-2024-1917
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC-Q Series Q03UDECPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q04UDEHCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q06UDEHCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q10UDEHCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q13UDEHCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q20UDEHCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q26UDEHCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q50UDEHCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q100UDEHCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q03UDVCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q04UDVCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q06UDVCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q13UDVCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q26UDVCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q04UDPVCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q06UDPVCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q13UDPVCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-Q Series Q26UDPVCPU | The first 5 digits of serial No. "26061" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-L Series L02CPU | The first 5 digits of serial No. "26041" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-L Series L06CPU | The first 5 digits of serial No. "26041" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-L Series L26CPU | The first 5 digits of serial No. "26041" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-L Series L02CPU-P | The first 5 digits of serial No. "26041" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-L Series L06CPU-P | The first 5 digits of serial No. "26041" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-L Series L26CPU-P | The first 5 digits of serial No. "26041" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-L Series L26CPU-BT | The first 5 digits of serial No. "26041" and prior | affected |
| Mitsubishi Electric Corporation | MELSEC-L Series L26CPU-PBT | The first 5 digits of serial No. "26041" and prior | affected |
Weaknesses
- CWE-190: CWE-190 Integer Overflow or Wraparound
ADP Enrichment
CVE Program Container
Additional References
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf
- https://jvn.jp/vu/JVNVU99690199/
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf
- https://jvn.jp/vu/JVNVU99690199/
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.