PT-2019-12112 · Mitsubishi · Fr Configurator2

Published

2019-07-25

Updated

2020-10-02

CVE-2019-10972

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric FR Configurator2 versions 1.16S and prior

Description The issue occurs when an attacker provides a rogue project file (.frc2) to the target. Upon opening the rogue project, CPU exhaustion happens, causing the software to stop responding until it is restarted.

Recommendations For versions 1.16S and prior, avoid opening project files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, consider implementing measures to monitor and limit CPU usage to prevent exhaustion.

Fix

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

CVE-2019-10972

Affected Products

Fr Configurator2

PT-2019-12112 · Mitsubishi · Fr Configurator2

CVE-2019-10972

Weakness Enumeration

Related Identifiers

Affected Products

References · 3