CVE-2019-6535

Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
icscertCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
mitsubishielectricq03udvcpu_firmware
𝑥
≤ 20081
mitsubishielectricq04udvcpu_firmware
𝑥
≤ 20081
mitsubishielectricq06udvcpu_firmware
𝑥
≤ 20081
mitsubishielectricq13udvcpu_firmware
𝑥
≤ 20081
mitsubishielectricq26udvcpu_firmware
𝑥
≤ 20081
mitsubishielectricq04udpvcpu_firmware
𝑥
≤ 20081
mitsubishielectricq06udpvcpu_firmware
𝑥
≤ 20081
mitsubishielectricq13udpvcpu_firmware
𝑥
≤ 20081
mitsubishielectricq26udpvcpu_firmware
𝑥
≤ 20081
mitsubishielectricq03udecpu_firmware
𝑥
≤ 20101
mitsubishielectricq04udehcpu_firmware
𝑥
≤ 20101
mitsubishielectricq06udehcpu_firmware
𝑥
≤ 20101
mitsubishielectricq10udehcpu_firmware
𝑥
≤ 20101
mitsubishielectricq13udehcpu_firmware
𝑥
≤ 20101
mitsubishielectricq20udehcpu_firmware
𝑥
≤ 20101
mitsubishielectricq26udehcpu_firmware
𝑥
≤ 20101
mitsubishielectricq50udehcpu_firmware
𝑥
≤ 20101
mitsubishielectricq100udehcpu_firmware
𝑥
≤ 20101
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106771
https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02
http://www.securityfocus.com/bid/106771
https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02