CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2024-0802

CVSS 9.8v3.1pub. 2024-03-15upd. 2026-04-15

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.

πŸ€– AI Analysis
How it works

The vulnerability is caused by incorrect pointer scaling (Incorrect Pointer Scaling, CWE-468) in the processing of network packets by CPU modules. An attacker sends a specially crafted network packet that causes the pointer logic to reference incorrect memory areas. As a result, both reading arbitrary data from device memory and executing malicious code in its context are possible.

Impact

An attacker can read any information stored in the target CPU module or execute malicious code on it, which may lead to complete takeover of the industrial controller and disruption of production processes.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references (Mitsubishi Electric Security Advisory 2023-024 and CISA advisory ICSA-24-074-14). Additionally, it is recommended to restrict network access to CPU modules only to authorized hosts through the use of firewalls and OT/IT network segmentation.

Who is affected

MELSEC-Q and MELSEC-L series CPU modules from Mitsubishi Electric Corporation β€” specific firmware versions indicated in the manufacturer's references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References
CVE-2024-0802 β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl