CVE-2024-1917 - Vulnerability Details - OpenCVE

Description

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.

Published: 2024-03-15

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mitsubishi Electric Corporation

MELSEC-Q Series Q03UDECPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q04UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q06UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q10UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q13UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q20UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q26UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q50UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q100UDEHCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q03UDVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q04UDVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q06UDVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q13UDVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q26UDVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q04UDPVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q06UDPVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q13UDPVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-Q Series Q26UDPVCPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26061" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L02CPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L06CPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L26CPU

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L02CPU-P

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L06CPU-P

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L26CPU-P

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L26CPU-BT

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

Mitsubishi Electric Corporation

MELSEC-L Series L26CPU-PBT

unaffected

Version	Status	Constraints
`The first 5 digits of serial No. "26041" and prior`	affected	—

No data.

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-17639	Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00425.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://jvn.jp/vu/JVNVU99690199/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf

History

No history.

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2024-03-15T00:02:39.351Z

Updated: 2024-08-27T19:58:12.567Z

Reserved: 2024-02-27T06:32:47.752Z

Link: CVE-2024-1917

Vulnrichment

Updated: 2024-08-01T18:56:22.476Z

NVD

Status : Deferred

Published: 2024-03-15T01:15:58.590

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-1917

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-190

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1917", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "dateReserved": "2024-02-27T06:32:47.752Z", "datePublished": "2024-03-15T00:02:39.351Z", "dateUpdated": "2024-08-27T19:58:12.567Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q03UDECPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q10UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q20UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q50UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q100UDEHCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q03UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q04UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q06UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q13UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-Q Series Q26UDPVCPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L02CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L06CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L02CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L06CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-P", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-BT", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}, {"defaultStatus": "unaffected", "product": "MELSEC-L Series L26CPU-PBT", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}]}], "datePublic": "2024-03-14T03:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."}], "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Remote Code Execution"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-06-14T00:05:06.682Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"tags": ["government-resource"], "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.476Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"tags": ["government-resource", "x_transferred"], "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}]}, {"affected": [{"vendor": "mitsubishielectric", "product": "melsec_q-q03udecpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q04udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q06udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q10udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q13udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q20udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q26udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q50udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_q-q100udehcpu", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q03udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q04udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q06udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q13udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q26udvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q06udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q13udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_q26udpvcpu", "cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26061", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "l02cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_l06cpu\\(-p\\)", "cpes": ["cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishi", "product": "melsec_l26cpu\\(-p\\)", "cpes": ["cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l02cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l06cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l26cpu-p", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "l26cpu-bt", "cpes": ["cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}, {"vendor": "mitsubishielectric", "product": "melsec_l26cpu-pbt", "cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "xxxxx26041", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-27T19:57:53.325242Z", "id": "CVE-2024-1917", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T19:58:12.567Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://jvn.jp/vu/JVNVU99690199/", "tags": ["government-resource", "x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.476Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1917", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-27T19:57:53.325242Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q03udecpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q03udecpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q04udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q04udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q06udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q06udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q10udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q10udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q13udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q13udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q20udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q20udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q26udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q26udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q50udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q50udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_q-q100udehcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_q-q100udehcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q03udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q03udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q04udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q04udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q06udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q13udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q26udvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q06udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q06udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q13udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q13udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_q26udpvcpu:-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_q26udpvcpu", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26061", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:l02cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "l02cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_l06cpu\\(-p\\):-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_l06cpu\\(-p\\)", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishi:melsec_l26cpu\\(-p\\):-:*:*:*:*:*:*:*"], "vendor": "mitsubishi", "product": "melsec_l26cpu\\(-p\\)", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l02cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l02cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l06cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l06cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-p:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l26cpu-p", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:l26cpu-bt:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "l26cpu-bt", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitsubishielectric:melsec_l26cpu-pbt:-:*:*:*:*:*:*:*"], "vendor": "mitsubishielectric", "product": "melsec_l26cpu-pbt", "versions": [{"status": "affected", "version": "0", "lessThan": "xxxxx26041", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T19:58:00.940Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Remote Code Execution"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q03UDECPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q10UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q20UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q50UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q100UDEHCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q03UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q04UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q06UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q13UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-Q Series Q26UDPVCPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26061\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L02CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L06CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L02CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L06CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-P", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-BT", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Mitsubishi Electric Corporation", "product": "MELSEC-L Series L26CPU-PBT", "versions": [{"status": "affected", "version": "The first 5 digits of serial No. \"26041\" and prior"}], "defaultStatus": "unaffected"}], "datePublic": "2024-03-14T03:00:00.000Z", "references": [{"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "tags": ["vendor-advisory"]}, {"url": "https://jvn.jp/vu/JVNVU99690199/", "tags": ["government-resource"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.", "supportingMedia": [{"type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2024-06-14T00:05:06.682Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1917", "state": "PUBLISHED", "dateUpdated": "2024-08-27T19:58:12.567Z", "dateReserved": "2024-02-27T06:32:47.752Z", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "datePublished": "2024-03-15T00:02:39.351Z", "assignerShortName": "Mitsubishi"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet."}, {"lang": "es", "value": "Vulnerabilidad de desbordamiento de enteros o envoltura en los m\u00f3dulos de CPU de las series MELSEC-Q y MELSEC-L de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado ejecute c\u00f3digo malicioso en un producto objetivo enviando un paquete especialmente manipulado."}], "id": "CVE-2024-1917", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}, "published": "2024-03-15T01:15:58.590", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvn.jp/vu/JVNVU99690199/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}]}