CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2024-1915

CVSS 9.8v3.1pub. 2024-03-15upd. 2026-04-15

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.

πŸ€– AI Analysis
How it works

The vulnerability results from incorrect pointer scaling (CWE-468) in the implementation of network packet handling in CPU modules. The attacker sends a specially crafted network packet to the vulnerable device without needing to possess any credentials. Incorrect pointer operations can lead to writing or reading data in unexpected memory locations, which effectively enables arbitrary code execution on the CPU module.

Impact

A remote, unauthenticated attacker can execute arbitrary malicious code on a vulnerable CPU module, which in an industrial environment may result in takeover of the technological process, its disruption, or complete shutdown.

Mitigation & patch

Security patches available from the manufacturer should be applied in accordance with the references β€” detailed update instructions are contained in the Mitsubishi Electric PSIRT guide (2023-024) and CISA advisory ICSA-24-074-14. Additionally, it is recommended to restrict network access to CPU modules through industrial network segmentation and firewall deployment.

Who is affected

CPU modules of the MELSEC-Q and MELSEC-L series from Mitsubishi Electric Corporation β€” specific versions indicated in manufacturer references (Mitsubishi Electric PSIRT security guide and CISA advisory ICSA-24-074-14).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References
CVE-2024-1915 β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl