Integer Overflow Vulnerability in Mitsubishi Electric MELSEC-Q and MELSEC-L Series CPU Modules
CVE-2024-0803

9.8CRITICAL

Key Information:

Vendor
Mitsubishi Electric Corporation
Status
Melsec-q Series Q03udecpu
Melsec-q Series Q04udehcpu
Melsec-q Series Q06udehcpu
Melsec-q Series Q10udehcpu
Vendor
CVE Published:
15 March 2024

Summary

An Integer Overflow or Wraparound vulnerability exists in the MELSEC-Q Series and MELSEC-L Series CPU modules by Mitsubishi Electric Corporation. This security issue permits a remote unauthenticated attacker to execute malicious code on the targeted device. By sending a specially crafted packet, attackers can exploit this weakness, potentially compromising the integrity and functionality of critical systems reliant on these CPU modules.

Affected Version(s)

MELSEC-L Series L02CPU The first 5 digits of serial No. "26041" and prior

MELSEC-L Series L02CPU-P The first 5 digits of serial No. "26041" and prior

MELSEC-L Series L06CPU The first 5 digits of serial No. "26041" and prior

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU99690199/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-0...
government-resource

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.