PT-2019-12117 · Mitsubishi · Melsec-Q Series Ethernet Module Qj71E71-100

Published

2019-05-23

Updated

2020-10-02

CVE-2019-10977

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 versions with serial number 20121 and prior

Description The issue allows an attacker to send crafted TCP packets against the "FTP service", forcing the target devices to enter an error mode and cause a denial-of-service condition.

Recommendations For versions with serial number 20121 and prior, consider disabling the FTP service as a temporary workaround until a patch is available. Restrict access to the Ethernet module to minimize the risk of exploitation.

Fix

Improper Handling of Exceptional Conditions

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755CWE-400

Related Identifiers

CVE-2019-10977

Affected Products

Melsec-Q Series Ethernet Module Qj71E71-100

PT-2019-12117 · Mitsubishi · Melsec-Q Series Ethernet Module Qj71E71-100

CVE-2019-10977

Weakness Enumeration

Related Identifiers

Affected Products

References · 4