Incorrect Pointer Scaling in Mitsubishi Electric products - CVE-2024-0802

 

Incorrect Pointer Scaling in Mitsubishi Electric products - CVE-2024-0802

Published: March 15, 2024


Vulnerability identifier: #VU87556
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-0802
CWE-ID: CWE-468
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mitsubishi Electric
Affected software:
MELSEC-Q Q03UDECPU
Q04UDEHCPU
MELSEC iQ-Q 06 UDEHCPU
MELSEC iQ-Q 10 UDEHCPU
MELSEC iQ-Q 13 UDEHCPU
MELSEC iQ-Q 20 UDEHCPU
MELSEC iQ-Q 26 UDEHCPU
MELSEC iQ-Q 50 UDEHCPU
MELSEC iQ-Q 100 UDEHCPU
MELSEC iQ-Q 03 UDVCPU
MELSEC iQ-Q 04 UDVCPU
MELSEC iQ-Q 06 UDVCPU
MELSEC iQ-Q 13 UDVCPU
MELSEC iQ-Q 26 UDVCPU
MELSEC iQ-Q 04 UDPVCPU
MELSEC iQ-Q 06 UDPVCPU
MELSEC iQ-Q 13 UDPVCPU
MELSEC iQ-Q 26 UDPVCPU
MELSEC L Series L02CPU(-P)
MELSEC L Series L06CPU(-P)
MELSEC L Series L26CPU(-P)
MELSEC L Series L26CPU-(P)BT

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to incorrect pointer scaling. A remote attacker can send a specially crafted packet and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


How to mitigate CVE-2024-0802

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources