PT-2015-6350 · Mitsubishi · Melsec Fx3G Plc

Ralf Spenneberg

Published

2015-10-03

Updated

2015-10-06

CVE-2015-3938

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC FX3G PLC devices versions prior to April 2015

Description The issue allows remote attackers to cause a denial of service, resulting in a device outage, by sending a long parameter to the HTTP application.

Recommendations For versions prior to April 2015, consider restricting access to the HTTP application until a fix is available. As a temporary workaround, limit the length of parameters accepted by the application to prevent exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2015-3938

Affected Products

Melsec Fx3G Plc

PT-2015-6350 · Mitsubishi · Melsec Fx3G Plc

CVE-2015-3938

Weakness Enumeration

Related Identifiers

Affected Products

References · 2