Vulnerability Description
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Electric Fr Configurator2 Firmware | < 1.16s |
| Mitsubishielectric | Electric Fr Configurator2 | - |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsa-19-204-01Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsa-19-204-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-10976?
CVE-2019-10976 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (...
How severe is CVE-2019-10976?
CVE-2019-10976 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10976?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Electric Fr Configurator2 Firmware, Mitsubishielectric Electric Fr Configurator2.