CVE-2019-13555
MEDIUMMitsubishi Electric MELSEC-Q and MELSEC-L Series Firmware - Denial of Service via FTP Service
Title source: llmDescription
In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-311-01
Scores
CVSS v3
5.9
EPSS
0.0051
EPSS Percentile
66.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (10)
mitsubishielectric/l02\/06\/26cpu-cm_firmware
< 21101
mitsubishielectric/l02\/06\/26cpu-p_firmware
< 21101
mitsubishielectric/l02\/06\/26cpu_firmware
< 21101
mitsubishielectric/l26cpu-bt-cm_firmware
< 21101
mitsubishielectric/l26cpu-bt_firmware
< 21101
mitsubishielectric/l26cpu-pbt_firmware
< 21101
mitsubishielectric/q03\/04\/06\/13\/26udvcpu_firmware
< 21081
mitsubishielectric/q03udecpu_firmware
< 21081
mitsubishielectric/q04\/06\/10\/13\/20\/26\/50\/100udehcpu_firmware
< 21081
mitsubishielectric/q04\/06\/13\/26udpvcpu_firmware
< 21081
Published
Nov 13, 2019
Tracked Since
Feb 18, 2026