Vulnerability Description
In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Q03\/04\/06\/13\/26Udvcpu Firmware | <= 21081 |
| Mitsubishielectric | Q03\/04\/06\/13\/26Udvcpu | - |
| Mitsubishielectric | Q04\/06\/13\/26Udpvcpu Firmware | <= 21081 |
| Mitsubishielectric | Q04\/06\/13\/26Udpvcpu | - |
| Mitsubishielectric | Q03Udecpu Firmware | <= 21081 |
| Mitsubishielectric | Q03Udecpu | - |
| Mitsubishielectric | Q04\/06\/10\/13\/20\/26\/50\/100Udehcpu Firmware | <= 21081 |
| Mitsubishielectric | Q04\/06\/10\/13\/20\/26\/50\/100Udehcpu | - |
| Mitsubishielectric | L02\/06\/26Cpu Firmware | <= 21101 |
| Mitsubishielectric | L02\/06\/26Cpu | - |
| Mitsubishielectric | L26Cpu-Bt Firmware | <= 21101 |
| Mitsubishielectric | L26Cpu-Bt | - |
| Mitsubishielectric | L02\/06\/26Cpu-P Firmware | <= 21101 |
| Mitsubishielectric | L02\/06\/26Cpu-P | - |
| Mitsubishielectric | L26Cpu-Pbt Firmware | <= 21101 |
| Mitsubishielectric | L26Cpu-Pbt | - |
| Mitsubishielectric | L02\/06\/26Cpu-Cm Firmware | <= 21101 |
| Mitsubishielectric | L02\/06\/26Cpu-Cm | - |
| Mitsubishielectric | L26Cpu-Bt-Cm Firmware | <= 21101 |
| Mitsubishielectric | L26Cpu-Bt-Cm | - |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsa-19-311-01Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsa-19-311-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-13555?
CVE-2019-13555 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial...
How severe is CVE-2019-13555?
CVE-2019-13555 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13555?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Q03\/04\/06\/13\/26Udvcpu Firmware, Mitsubishielectric Q03\/04\/06\/13\/26Udvcpu, Mitsubishielectric Q04\/06\/13\/26Udpvcpu Firmware, Mitsubishielectric Q04\/06\/13\/26Udpvcpu, Mitsubishielectric Q03Udecpu Firmware.