Mitsubishi Electric MELSEC-Q Series CPU Module

1. EXECUTIVE SUMMARY

  • CVSS v3.1 6.8
  • ATTENTION: Exploitable remotely
  • Vendor: Mitsubishi Electric
  • Equipment: MELSEC-Q Series CPU module
  • Vulnerability: Improper Handling of Length Parameter Inconsistency

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to cause a denial of service (DoS).

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Mitsubishi Electric MELSEC-Q Series CPU modules are affected:

  • MELSEC-Q Series Q03UDVCPU: The first 5 digits of serial No. ‘24082’ to ‘27081’
  • MELSEC-Q Series Q04UDVCPU: The first 5 digits of serial No. ‘24082’ to ‘27081’
  • MELSEC-Q Series Q06UDVCPU: The first 5 digits of serial No. ‘24082’ to ‘27081’
  • MELSEC-Q Series Q13UDVCPU: The first 5 digits of serial No. ‘24082’ to ‘27081’
  • MELSEC-Q Series Q26UDVCPU: The first 5 digits of serial No. ‘24082’ to ‘27081’
  • MELSEC-Q Series Q04UDPVCPU: The first 5 digits of serial No. ‘24082’ to ‘27081’
  • MELSEC-Q Series Q06UDPVCPU: The first 5 digits of serial No. ‘24082’ to ‘27081’
  • MELSEC-Q Series Q13UDPVCPU: The first 5 digits of serial No. ‘24082’ to ‘27081’
  • MELSEC-Q Series Q26UDPVCPU: The first 5 digits of serial No. ‘24082’ to ‘27081’

3.2 VULNERABILITY OVERVIEW

3.2.1 Improper Handling of Length Parameter Inconsistency CWE-130

A Denial-of-Service (DoS) vulnerability exists in the MELSEC-Q series CPU module when the user authentication function is enabled, due to improper handling of length parameter inconsistency.
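An asset-inventory check against the affected list in section 3.1 and the user-authentication condition above. This is an added example, not code from the advisory or the vendor; the inventory layout, the serial number format (a string beginning with five digits), the `user_auth_enabled` field and the verdict names are assumptions.

```python
import re

# Models and serial range copied from section 3.1 of the advisory.
AFFECTED_MODELS = {
    "Q03UDVCPU", "Q04UDVCPU", "Q06UDVCPU", "Q13UDVCPU", "Q26UDVCPU",
    "Q04UDPVCPU", "Q06UDPVCPU", "Q13UDPVCPU", "Q26UDPVCPU",
}
SERIAL_LOW, SERIAL_HIGH = 24082, 27081  # first 5 digits, both ends inclusive


def classify(model, serial, user_auth_enabled=None):
    """Classify one CPU module against the advisory's affected range.

    user_auth_enabled is True/False, or None when the inventory does not
    record it (assumed field; the advisory ties the DoS to that function).
    """
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-affected"
    prefix = re.match(r"\s*(\d{5})", serial or "")
    if prefix is None:
        return "check-serial"  # listed model, serial missing or unreadable
    if not SERIAL_LOW <= int(prefix.group(1)) <= SERIAL_HIGH:
        return "not-affected"
    if user_auth_enabled is None:
        return "affected-auth-unknown"
    return "exposed" if user_auth_enabled else "affected-auth-off"


# Constructed sample inventory: (model, serial No., user authentication on?)
INVENTORY = [
    ("Q03UDVCPU", "240820000000000", True),
    ("q26udpvcpu", "270819999999999", False),
    ("Q13UDVCPU", "270820000000000", True),   # one past the upper bound
    ("Q06UDVCPU", "240819999999999", True),   # one below the lower bound
    ("Q04UDVCPU", "", None),                  # serial not recorded
    ("Q04UDPVCPU", "25500ABCDEFGHIJ", None),
    ("Q03UDECPU", "255000000000000", True),   # model not in the list
]


def audit(inventory):
    """Return (model, serial, verdict) for every inventory row."""
    return [(m, s, classify(m, s, auth)) for m, s, auth in inventory]


if __name__ == "__main__":
    for model, serial, verdict in audit(INVENTORY):
        print(f"{model:<12} {serial:<16} {verdict}")
```

Rows returned as `check-serial` need the serial number read from the module before they can be ruled in or out.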

CVE-2025-8531 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (A

[…]
This article has been indexed from All CISA Advisories