PT-2019-12117 · Mitsubishi · Melsec-Q Series Ethernet Module Qj71E71-100

Publicado

2019-05-23

Atualizado

2020-10-02

CVE-2019-10977

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 versions with serial number 20121 and prior

Description The issue allows an attacker to send crafted TCP packets against the "FTP service", forcing the target devices to enter an error mode and cause a denial-of-service condition.

Recommendations For versions with serial number 20121 and prior, consider disabling the FTP service as a temporary workaround until a patch is available. Restrict access to the Ethernet module to minimize the risk of exploitation.

Correção

Improper Handling of Exceptional Conditions

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-755CWE-400

Identificadores relacionados

CVE-2019-10977

Produtos afetados

Melsec-Q Series Ethernet Module Qj71E71-100

PT-2019-12117 · Mitsubishi · Melsec-Q Series Ethernet Module Qj71E71-100

CVE-2019-10977

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4