Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 Serial Number 20121 Remote Code Execution Vulnerability

Summary

In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition.

Credit:

The information has been provided by Younes Dragoni
The original article can be found at: https://ics-cert.us-cert.gov/advisories/ICSA-19-141-02


Details

Mitsubishielectric Firmware 20121 is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. 

Vulnerable Systems:

  • Mitsubishi Electric Qj71e71-100 Firmware 20121

CVE Information:

CVE-2019-10977

Disclosure Timeline:
Publish Date:05/23/2019

Categories: News