CVE-2024-0802 - Vulnerability Details

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://jvn.jp/vu/JVNVU99690199/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2024-03-14T23:57:07.390Z

Updated: 2024-08-01T18:18:18.584Z

Reserved: 2024-01-23T00:04:23.168Z

Link: CVE-2024-0802

Vulnrichment

Updated: 2024-08-01T18:18:18.584Z

NVD

Status : Awaiting Analysis

Published: 2024-03-15T01:15:57.703

Modified: 2024-11-21T08:47:24.303

Link: CVE-2024-0802

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0802", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "dateReserved": "2024-01-23T00:04:23.168Z", "datePublished": "2024-03-14T23:57:07.390Z", "dateUpdated": "2024-08-01T18:18:18.584Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q03UDECPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q10UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q20UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q50UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q100UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q03UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L02CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L06CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L02CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L06CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-BT", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-PBT", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}], "datePublic": "2024-03-14T03:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet."}], "value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Information Disclosure and Remote Code Execution"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-468", "description": "CWE-468 Incorrect Pointer Scaling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-06-14T00:03:03.747Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"tags": ["government-resource"], "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "mitsubishielectric", "product": "melsec_q-q03udecpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q04udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q06udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q10udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q13udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q20udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q26udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q50udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q100udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q03udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q04udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q06udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q13udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q26udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q06udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q13udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q26udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "l02cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_l06cpu\\(-p\\)", "cpes": ["cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_l26cpu\\(-p\\)", "cpes": ["cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l02cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l06cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l26cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "l26cpu-bt", "cpes": ["cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l26cpu-pbt", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T00:29:47.319671Z", "id": "CVE-2024-0802", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T01:00:21.794Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.584Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"tags": ["government-resource", "x_transferred"], "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://jvn.jp/vu/JVNVU99690199/", "tags": ["government-resource", "x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.584Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0802", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-16T00:29:47.319671Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q03udecpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q04udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q06udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q10udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q13udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q20udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q26udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q50udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q100udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q03udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q04udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q06udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q13udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q26udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q06udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q13udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q26udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "l02cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_l06cpu\\(-p\\)", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_l26cpu\\(-p\\)", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l02cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l06cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l26cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "l26cpu-bt", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l26cpu-pbt", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T00:43:50.344Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Information Disclosure and Remote Code Execution"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q03UDECPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q10UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q20UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q50UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q100UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q03UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L02CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L06CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L02CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L06CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-BT", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-PBT", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}], "datePublic": "2024-03-14T03:00:00.000Z", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "tags": ["vendor-advisory"]}, {"url": "https://jvn.jp/vu/JVNVU99690199/", "tags": ["government-resource"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.", "supportingMedia": [{"type": "text/html", "value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-468", "description": "CWE-468 Incorrect Pointer Scaling"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-06-14T00:03:03.747Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0802", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:18:18.584Z", "dateReserved": "2024-01-23T00:04:23.168Z", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "datePublished": "2024-03-14T23:57:07.390Z", "assignerShortName": "Mitsubishi"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet."}, {"lang": "es", "value": "Vulnerabilidad de escalado de puntero incorrecto en los m\u00f3dulos de CPU de las series MELSEC-Q y MELSEC-L de Mitsubishi Electric Corporation permite a un atacante remoto no autenticado leer informaci\u00f3n arbitraria de un producto objetivo o ejecutar c\u00f3digo malicioso en un producto objetivo enviando un paquete especialmente manipulado."}], "id": "CVE-2024-0802", "lastModified": "2024-11-21T08:47:24.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}, "published": "2024-03-15T01:15:57.703", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-468"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object