Vulnerability identifier: #VU19524
Vulnerability risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-400
Exploitation vector: Network
Exploit availability: No
Vulnerable software: Mitsubishi Electric FR Configurator2
Category: Client/Desktop applications / Software for system administration
Vendor: Mitsubishi Electric
Description
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability is caused by CPU exhaustion that occurs when an attacker provides the target with a rogue project file (.frc2). A remote attacker can trick a victim into opening the rogue project, which triggers CPU exhaustion and causes the software to stop responding until the application is restarted.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Mitsubishi Electric FR Configurator2: 1.16S
External links
http://www.mitsubishielectric.com/fa/download/software/drv/inv/vulnerability-protection/2019-001.pd...
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.