Severity
High
Analysis Summary
CVE-2024-1917 CVSS:9.8
Mitsubishi Electric MELSEC-Q/L Series could allow a remote attacker to execute arbitrary code on the system, caused by integer overflow or wraparound. By sending a specially crafted packet, an attacker could exploit this vulnerability to execute malicious code.
CVE-2024-1916 CVSS:9.8
Mitsubishi Electric MELSEC-Q/L Series could allow a remote attacker to execute arbitrary code on the system, caused by integer overflow or wraparound. By sending a specially crafted packet, an attacker could exploit this vulnerability to execute malicious code.
CVE-2024-1915 CVSS:9.8
Mitsubishi Electric MELSEC-Q/L Series could allow a remote attacker to execute arbitrary code on the system, caused by incorrect pointer scaling. By sending a specially crafted packet, an attacker could exploit this vulnerability to execute malicious code.
CVE-2024-0803 CVSS:9.8
Mitsubishi Electric MELSEC-Q/L Series could allow a remote attacker to execute arbitrary code on the system, caused by integer overflow or wraparound. By sending a specially crafted packet, an attacker could exploit this vulnerability to execute malicious code.
CVE-2024-0802 CVSS:9.8
Mitsubishi Electric MELSEC-Q/L Series could allow a remote attacker to execute arbitrary code on the system, caused by incorrect pointer scaling. By sending a specially crafted packet, an attacker could exploit this vulnerability to read arbitrary information or execute malicious code.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2024-1917
- CVE-2024-1916
- CVE-2024-1915
- CVE-2024-0803
- CVE-2024-0802
Affected Vendors
Mitsubishi Electric
Affected Products
- Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU
- Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU
Remediation
Refer to Mitsubishi Electric advisory for patch, upgrade or suggested workaround information.