CVE-2019-6535

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-6535

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

M

itsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication.

References
Link Resource
http://www.securityfocus.com/bid/106771 Third Party Advisory VDB Entry
https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02
http://www.securityfocus.com/bid/106771 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mitsubishielectric:q03udvcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q03udvcpu:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mitsubishielectric:q04udvcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q04udvcpu:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mitsubishielectric:q06udvcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q06udvcpu:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mitsubishielectric:q13udvcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q13udvcpu:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mitsubishielectric:q26udvcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q26udvcpu:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:mitsubishielectric:q04udpvcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q04udpvcpu:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:mitsubishielectric:q06udpvcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q06udpvcpu:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:mitsubishielectric:q13udpvcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q13udpvcpu:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:mitsubishielectric:q26udpvcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q26udpvcpu:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:mitsubishielectric:q03udecpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q03udecpu:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:mitsubishielectric:q04udehcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q04udehcpu:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:mitsubishielectric:q06udehcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q06udehcpu:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:mitsubishielectric:q10udehcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q10udehcpu:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:mitsubishielectric:q13udehcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q13udehcpu:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:mitsubishielectric:q20udehcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q20udehcpu:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:mitsubishielectric:q26udehcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q26udehcpu:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:mitsubishielectric:q50udehcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q50udehcpu:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:mitsubishielectric:q100udehcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:q100udehcpu:-:*:*:*:*:*:*:*
History

26 Jun 2025, 18:15

Type Values Removed Values Added
Summary (en) Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash. (en) Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication.
References
  • () https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02 -

26 Jun 2025, 17:15

Type Values Removed Values Added
References
  • () https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02 -

21 Nov 2024, 04:46

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/106771 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/106771 - Third Party Advisory, VDB Entry
References () https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02 - Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02 - Third Party Advisory, US Government Resource
References
  • {'url': 'https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02', 'source': '[email protected]'}
Information

Published : 2019-02-05 19:29

Updated : 2025-06-26 18:15

NVD link : CVE-2019-6535

Mitre link : CVE-2019-6535

CVE.ORG link : CVE-2019-6535

JSON object : View

Products Affected

mitsubishielectric

CWE
CWE-400

Uncontrolled Resource Consumption