CVE-2016-8368 - OpenCVE

An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mitsubishielectric	Qj71e71-100 Qj71e71-100 Firmware Qj71e71-b2 Qj71e71-b2 Firmware Qj71e71-b5 Qj71e71-b5 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:mitsubishielectric:qj71e71-100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:qj71e71-100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishielectric:qj71e71-b5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:qj71e71-b5:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitsubishielectric:qj71e71-b2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:qj71e71-b2:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/94632
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-02-13T21:00:00

Updated: 2024-08-06T02:20:31.217Z

Reserved: 2016-09-28T00:00:00

Link: CVE-2016-8368

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-02-13T21:59:01.173

Modified: 2021-09-13T11:15:09.173

Link: CVE-2016-8368

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module", "vendor": "n/a", "versions": [{"status": "affected", "version": "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module"}]}], "datePublic": "2017-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock."}], "problemTypes": [{"descriptions": [{"description": "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module Unrestricted Externally Accessible Lock", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-02-14T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03"}, {"name": "94632", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94632"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-8368", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module", "version": {"version_data": [{"version_value": "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module Unrestricted Externally Accessible Lock"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03"}, {"name": "94632", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94632"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:20:31.217Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03"}, {"name": "94632", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94632"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-8368", "datePublished": "2017-02-13T21:00:00", "dateReserved": "2016-09-28T00:00:00", "dateUpdated": "2024-08-06T02:20:31.217Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:qj71e71-100_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B02D732B-25E3-4D8A-872B-EC655195DE44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:qj71e71-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FD1EB30-B1FC-49CC-97D7-739AA5E92E86", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:qj71e71-b5_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "579FA375-1A72-4A5D-BC3E-285CBA5BD1A2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:qj71e71-b5:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6C571AE-9A2B-4673-90C1-A369B91E74FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:qj71e71-b2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DA33198-3964-490A-B4CE-388FC4C585FE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:qj71e71-b2:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCB98436-7C3D-480C-927B-1D55DB1404B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock."}, {"lang": "es", "value": "Ha sido descubierto un problema en las series Mitsubishi Electric Automation MELSEC-Q en m\u00f3dulos de interfaz Ethernet QJ71E71-100, todas las versiones, QJ71E71-B5, todas las versiones y QJ71E71-B2, todas las versiones. El m\u00f3dulo de interfaz Ethernet afectado est\u00e1 conectado a MELSEC-Q PLC, lo que puede permitir a un atacante remoto conectarse al PLC a trav\u00e9s de Port 5002/TCP y provocar una denegaci\u00f3n de servicio, requiriendo que el PLC sea reseteado para continuar operando. Esto se produce por un Unrestricted Externally Accessible Lock."}], "id": "CVE-2016-8368", "lastModified": "2021-09-13T11:15:09.173", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-13T21:59:01.173", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94632"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-662"}], "source": "nvd@nist.gov", "type": "Primary"}]}