CVE-2016-8368

13.02.2017, 21:59

An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
icscert	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 70%

Vendor	Product	Version
mitsubishielectric	qj71e71-100_firmware	-
mitsubishielectric	qj71e71-b5_firmware	-
mitsubishielectric	qj71e71-b2_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-662 - Improper Synchronization
The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

References

http://www.securityfocus.com/bid/94632

https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03

http://www.securityfocus.com/bid/94632

https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03