CVE-2024-0802 - Vulnerability Details - OpenCVE

Description

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.

Published: 2024-03-14

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mitsubishi Electric Corporation

MELSEC-Q Series Q03UDECPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q04UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q06UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q10UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q13UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q20UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q26UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q50UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q100UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q03UDVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q04UDVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q06UDVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q13UDVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q26UDVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q04UDPVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q06UDPVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q13UDPVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q26UDPVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L02CPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L06CPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L26CPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L02CPU-P

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L06CPU-P

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L26CPU-P

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L26CPU-BT

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L26CPU-PBT

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

No data.

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-16589	Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0036.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://jvn.jp/vu/JVNVU99690199/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf

History

No history.

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2024-03-14T23:57:07.390Z

Updated: 2024-08-01T18:18:18.584Z

Reserved: 2024-01-23T00:04:23.168Z

Link: CVE-2024-0802

Vulnrichment

Updated: 2024-08-01T18:18:18.584Z

NVD

Status : Awaiting Analysis

Published: 2024-03-15T01:15:57.703

Modified: 2024-11-21T08:47:24.303

Link: CVE-2024-0802

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-468

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0802", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "dateReserved": "2024-01-23T00:04:23.168Z", "datePublished": "2024-03-14T23:57:07.390Z", "dateUpdated": "2024-08-01T18:18:18.584Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q03UDECPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q10UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q20UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q50UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q100UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q03UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L02CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L06CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L02CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L06CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-BT", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-PBT", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}], "datePublic": "2024-03-14T03:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet."}], "value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Information Disclosure and Remote Code Execution"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-468", "description": "CWE-468 Incorrect Pointer Scaling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-06-14T00:03:03.747Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"tags": ["government-resource"], "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "mitsubishielectric", "product": "melsec_q-q03udecpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q04udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q06udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q10udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q13udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q20udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q26udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q50udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q100udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q03udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q04udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q06udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q13udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q26udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q06udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q13udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q26udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "l02cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_l06cpu\\(-p\\)", "cpes": ["cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_l26cpu\\(-p\\)", "cpes": ["cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l02cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l06cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l26cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "l26cpu-bt", "cpes": ["cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l26cpu-pbt", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T00:29:47.319671Z", "id": "CVE-2024-0802", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T01:00:21.794Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.584Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"tags": ["government-resource", "x_transferred"], "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://jvn.jp/vu/JVNVU99690199/", "tags": ["government-resource", "x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.584Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0802", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-16T00:29:47.319671Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q03udecpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q04udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q06udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q10udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q13udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q20udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q26udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q50udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q100udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q03udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q04udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q06udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q13udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q26udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q06udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q13udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q26udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "l02cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_l06cpu\\(-p\\)", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_l26cpu\\(-p\\)", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l02cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l06cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l26cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "l26cpu-bt", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l26cpu-pbt", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T00:43:50.344Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Information Disclosure and Remote Code Execution"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q03UDECPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q10UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q20UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q50UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q100UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q03UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L02CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L06CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L02CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L06CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-BT", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-PBT", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}], "datePublic": "2024-03-14T03:00:00.000Z", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "tags": ["vendor-advisory"]}, {"url": "https://jvn.jp/vu/JVNVU99690199/", "tags": ["government-resource"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.", "supportingMedia": [{"type": "text/html", "value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-468", "description": "CWE-468 Incorrect Pointer Scaling"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-06-14T00:03:03.747Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0802", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:18:18.584Z", "dateReserved": "2024-01-23T00:04:23.168Z", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "datePublished": "2024-03-14T23:57:07.390Z", "assignerShortName": "Mitsubishi"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet."}, {"lang": "es", "value": "Vulnerabilidad de escalado de puntero incorrecto en los m\u00f3dulos de CPU de las series MELSEC-Q y MELSEC-L de Mitsubishi Electric Corporation permite a un atacante remoto no autenticado leer informaci\u00f3n arbitraria de un producto objetivo o ejecutar c\u00f3digo malicioso en un producto objetivo enviando un paquete especialmente manipulado."}], "id": "CVE-2024-0802", "lastModified": "2024-11-21T08:47:24.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}, "published": "2024-03-15T01:15:57.703", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-468"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}