Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 Serial Number 20121 Remote Code Execution Vulnerability
In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition.
The information has been provided by Younes Dragoni
The original article can be found at: https://ics-cert.us-cert.gov/advisories/ICSA-19-141-02
Mitsubishielectric Firmware 20121 is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
- Mitsubishi Electric Qj71e71-100 Firmware 20121