CVE-2024-1916 | ByteOS Network

Vulnerability Details :

CVE-2024-1916

Assigner-Mitsubishi

Assigner Org ID-e0f77b61-78fd-4786-b3fb-1ee347a748ad

Published At-15 Mar, 2024 | 00:01

Updated At-27 Aug, 2024 | 19:57

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:Mitsubishi

Assigner Org ID:e0f77b61-78fd-4786-b3fb-1ee347a748ad

Published At:15 Mar, 2024 | 00:01

Updated At:27 Aug, 2024 | 19:57

▼CVE Numbering Authority (CNA)

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.

Affected Products

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q03UDECPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q04UDEHCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q06UDEHCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q10UDEHCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q13UDEHCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q20UDEHCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q26UDEHCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q50UDEHCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q100UDEHCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q03UDVCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q04UDVCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q06UDVCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q13UDVCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q26UDVCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q04UDPVCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q06UDPVCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q13UDPVCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-Q Series Q26UDPVCPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26061" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-L Series L02CPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26041" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-L Series L06CPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26041" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-L Series L26CPU

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26041" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-L Series L02CPU-P

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26041" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-L Series L06CPU-P

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26041" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-L Series L26CPU-P

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26041" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-L Series L26CPU-BT

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26041" and prior

Vendor

Mitsubishi Electric Corporation

Product

MELSEC-L Series L26CPU-PBT

Default Status

unaffected

Versions

Affected

The first 5 digits of serial No. "26041" and prior

Problem Types

Type	CWE ID	Description
CWE	CWE-190	CWE-190 Integer Overflow or Wraparound

Type: CWE

CWE ID: CWE-190

Description: CWE-190 Integer Overflow or Wraparound

Metrics

Version	Base score	Base severity	Vector
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impacts

CAPEC ID	Description
N/A	Remote Code Execution

CAPEC ID: N/A

Description: Remote Code Execution

References

Hyperlink	Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf	vendor-advisory
https://jvn.jp/vu/JVNVU99690199/	government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14	government-resource

Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf

Resource:

vendor-advisory

Hyperlink: https://jvn.jp/vu/JVNVU99690199/

Resource:

government-resource

Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14

Resource:

government-resource

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf	vendor-advisory x_transferred
https://jvn.jp/vu/JVNVU99690199/	government-resource x_transferred
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14	government-resource x_transferred

Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf

Resource:

vendor-advisory

x_transferred

Hyperlink: https://jvn.jp/vu/JVNVU99690199/

Resource:

government-resource

x_transferred

Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14

Resource:

government-resource

x_transferred

2. CISA ADP Vulnrichment

Affected Products

Vendor

Mitsubishi Electric Corporation

Product

melsec_q-q03udecpu

CPEs

cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q-q04udehcpu

CPEs

cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q-q06udehcpu

CPEs

cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q-q10udehcpu

CPEs

cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q-q13udehcpu

CPEs

cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q-q20udehcpu

CPEs

cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q-q26udehcpu

CPEs

cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q-q50udehcpu

CPEs

cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q-q100udehcpu

CPEs

cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q03udvcpu

CPEs

cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q04udvcpu

CPEs

cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q06udvcpu

CPEs

cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q13udvcpu

CPEs

cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q26udvcpu

CPEs

cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q06udpvcpu

CPEs

cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q13udpvcpu

CPEs

cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_q26udpvcpu

CPEs

cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26061 (custom)

Vendor

Mitsubishi Electric Corporation

Product

CPEs

cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26041 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_l06cpu\(-p\)

CPEs

cpe:2.3:h:mitsubishi:melsec_l06cpu\(-p\):-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26041 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_l26cpu\(-p\)

CPEs

cpe:2.3:h:mitsubishi:melsec_l26cpu\(-p\):-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26041 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_l02cpu-p

CPEs

cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26041 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_l06cpu-p

CPEs

cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26041 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_l26cpu-p

CPEs

cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26041 (custom)

Vendor

Mitsubishi Electric Corporation

Product

CPEs

cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26041 (custom)

Vendor

Mitsubishi Electric Corporation

Product

melsec_l26cpu-pbt

CPEs

cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before xxxxx26041 (custom)

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Published At:15 Mar, 2024 | 01:15

Updated At:15 Mar, 2024 | 12:53

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-190	Primary	Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

CWE ID: CWE-190

Type: Primary

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

References

Hyperlink	Source	Resource
https://jvn.jp/vu/JVNVU99690199/	Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14	Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	N/A
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf	Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	N/A

Hyperlink: https://jvn.jp/vu/JVNVU99690199/

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Resource: N/A

Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Resource: N/A

Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Resource: N/A