Skip to main content

Qj71Mes96 Firmware CVE-2020-16226

CRITICAL
Predictable Exact Value from Previous Values (CWE-342)
2020-10-05 ics-cert@hq.dhs.gov
Information Disclosure Qj71Mes96 Firmware Qj71Ws96 Firmware Q06Ccpu V Firmware Q24Dhccpu V Firmware Q24Dhccpu Vg Firmware R12Ccpu V Firmware Rd55Up06 V Firmware Rd55Up12 V Firmware Rj71Gn11 T2 Firmware Rj71En71 Firmware Qj71E71 100 Firmware Lj71E71 100 Firmware Qj71Mt91 Firmware Rd78Gn N 4 8 16 32 64 Firmware Rd78Ghv Firmware Rd78Ghw Firmware Nz2Gacp620 60 Firmware Nz2Gacp620 300 Firmware Nz2Ft Mt Firmware Nz2Ft Eip Firmware Q03Udecpu Firmware Qnudehcpu N 04 06 10 13 20 26 50 100 Firmware Qnudvcpu N 03 04 06 13 26 Firmware Qnudpvcpu N 04 06 13 2 Firmware Lncpu P N 02 06 26 Firmware L26Cpu P Bt Firmware Rncpu N 00 01 02 T Firmware Rncpu N 04 08 16 32 120 Firmware Rnencpu N 04 08 16 32 120 Firmware Rnsfcpu N 08 16 32 120 Firmware Rnpcpu N 08 16 32 120 Firmware Rnpsfcpu N 08 16 32 120 Firmware Fx5Uc 32Mt D Firmware Fx5Uc 32Mt Dss Firmware Fx5Uc 32Mt Ds Ts Firmware Fx5Uc 32Mt Dss Ts Firmware Fx5Uj 24Mr Es Firmware Fx5Uc 32Mr Ds Ts Firmware Fx5Uj 24Mt Es Firmware Fx5Uj 24Mt Ess Firmware Fx5Uj 40Mr Es Firmware Fx5Uj 40Mt Es Firmware Fx5Uj 40Mt Ess Firmware Fx5Uj 60Mr Es Firmware Fx5Uj 60Mt Es Firmware Fx5Uj 60Mt Ess Firmware Fx5 Enet Firmware Fx5 Enet Ip Firmware Fx5 Enet Adp Firmware Fx3G 14Mr Es Firmware Fx3G 14Mt Ess Firmware Fx3G 14Mr Ds Firmware Fx3G 14Mt Dss Firmware Fx3G 24Mr Es Firmware Fx3G 24Mt Ess Firmware Fx3G 24Mr Ds Firmware Fx3G 24Mt Dss Firmware Fx3G 40Mr Es Firmware Fx3G 40Mt Ess Firmware Fx3G 40Mr Ds Firmware Fx3G 40Mt Dss Firmware Fx3G 60Mr Es Firmware Fx3G 60Mt Ess Firmware Fx3G 60Mr Ds Firmware Fx3G 60Mt Dss Firmware Fx3G 32 Mt Dss Firmware Fx3U Enet Firmware Fx3U Enet L Firmware Fx3U Enet P502 Firmware Fx5 Cclgn Ms Firmware Iu1 1M20 D Firmware Le7 40Gu L Firmware Got2000 Series Gt21 Firmware Got Simple Series Gs21 Firmware Got1000 Series Gt14 Firmware Gt25 J71Gn13 T2 Firmware Fr A820 E Firmware Fr A840 E Firmware Fr A860 E Firmware Fr A842 E Firmware Fr A862 E Firmware Fr F820 E Firmware Fr F840 E Firmware Fr F860 E Firmware Fr F842 E Firmware Fr F862 E Firmware Fr A8Ncge Firmware Fr E800 Epa Firmware Fr E800 Epb Firmware Conveyor Tracking Application Apr Ntr12Fh Conveyor Tracking Application Apr Ntr20Fh N 1 2 Conveyor Tracking Application Apr Ntr3Fh Conveyor Tracking Application Apr Ntr6Fh Mr Je C Firmware Mr J4 Tm Firmware
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 05, 2020 - 18:15 nvd
CRITICAL 9.8

DescriptionNVD

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.

AnalysisAI

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-342. Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. Affected products include: Mitsubishielectric Qj71Mes96 Firmware, Mitsubishielectric Qj71Ws96 Firmware, Mitsubishielectric Q06Ccpu-V Firmware, Mitsubishielectric Q24Dhccpu-V Firmware, Mitsubishielectric Q24Dhccpu-Vg Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2020-16226 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy