CVE-2019-6535

moderate-risk
Published 2019-02-05

Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication.

Do I need to act?

~
1.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (18)

Q03Udvcpu Firmware
Q04Udvcpu Firmware
Q06Udvcpu Firmware
Q13Udvcpu Firmware
Q26Udvcpu Firmware
Q04Udpvcpu Firmware
Q06Udpvcpu Firmware
Q13Udpvcpu Firmware
Q26Udpvcpu Firmware
Q03Udecpu Firmware
Q04Udehcpu Firmware
Q06Udehcpu Firmware
Q10Udehcpu Firmware
Q13Udehcpu Firmware
Q20Udehcpu Firmware
Q26Udehcpu Firmware
Q50Udehcpu Firmware
Q100Udehcpu Firmware

Affected Vendors

Mitsubishielectric

References (4)

Third Party Advisory http://www.securityfocus.com/bid/106771
https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02
Third Party Advisory http://www.securityfocus.com/bid/106771
Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 4/34 · Minimal
Exposure 19/34 · Moderate