{"containers": {"cna": {"affected": [{"product": "Mitsubishi Electric FR Configurator2", "vendor": "Mitsubishi Electric", "versions": [{"status": "affected", "version": "Version 1.16S and prior"}]}], "descriptions": [{"lang": "en", "value": "Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-25T23:31:47.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-10972", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mitsubishi Electric FR Configurator2", "version": {"version_data": [{"version_value": "Version 1.16S and prior"}]}}]}, "vendor_name": "Mitsubishi Electric"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:40:15.483Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-10972", "datePublished": "2019-07-25T23:31:47.000Z", "dateReserved": "2019-04-08T00:00:00.000Z", "dateUpdated": "2024-08-04T22:40:15.483Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mitsubishielectric:electric_fr_configurator2:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B582A19-3A57-41C4-AC41-1D6154106044", "versionEndIncluding": "1.16s", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted."}, {"lang": "es", "value": "FR Configurator2 de Mitsubishi Electric, versi\u00f3n 1.16S y anteriores. Esta vulnerabilidad puede ser activada cuando un atacante proporciona a la victima un archivo de proyecto no autorizado (.frc2). Una vez que un usuario abre el proyecto no autorizado, ocurre un agotamiento de la CPU, lo que causa que el software deje de responder hasta que se reinicie la aplicaci\u00f3n."}], "id": "CVE-2019-10972", "lastModified": "2024-11-21T04:20:16.380", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-26T00:15:11.277", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}