What is CVE-2019-13555?

CVE-2019-13555 is a vulnerability in Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU, Q04/06/13/26UDPVCPU, Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC-L Series L02/06/26CPU, and L26CPU-BT with specific serial numbers and firmware versions prior to certain numbers.

What is the severity of CVE-2019-13555?

The severity of CVE-2019-13555 is rated as medium with a severity value of 5.9.

Which software is affected by CVE-2019-13555?

The Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU, Q04/06/13/26UDPVCPU, Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC-L Series L02/06/26CPU, and L26CPU-BT with specific serial numbers and firmware versions prior to certain numbers are affected by CVE-2019-13555.

How can I fix CVE-2019-13555?

To fix CVE-2019-13555, update the firmware of the affected Mitsubishi Electric MELSEC-Q and MELSEC-L Series devices to versions later than the specified vulnerable versions.

Where can I find more information about CVE-2019-13555?

You can find more information about CVE-2019-13555 on the US-CERT website at the following link: https://www.us-cert.gov/ics/advisories/icsa-19-311-01

Vulnerability/
CVE-2019-13555

medium

5.9

CWE

400

13/11/2019

4/8/2024

CVE-2019-13555

First published: Wed Nov 13 2019(Updated: )

In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Mitsubishielectric Q03\/04\/06\/13\/26udvcpu Firmware	<=21081
Mitsubishielectric Q03\/04\/06\/13\/26udvcpu
Mitsubishielectric Q04\/06\/13\/26udpvcpu Firmware	<=21081
Mitsubishielectric Q04\/06\/13\/26udpvcpu
Mitsubishielectric Q03udecpu Firmware	<=21081
Mitsubishielectric Q03udecpu
Mitsubishielectric Q04\/06\/10\/13\/20\/26\/50\/100udehcpu Firmware	<=21081
Mitsubishielectric Q04\/06\/10\/13\/20\/26\/50\/100udehcpu
Mitsubishielectric L02\/06\/26cpu Firmware	<=21101
Mitsubishielectric L02\/06\/26cpu
Mitsubishielectric L26cpu-bt Firmware	<=21101
Mitsubishielectric L26cpu-bt
Mitsubishielectric L02\/06\/26cpu-p Firmware	<=21101
Mitsubishielectric L02\/06\/26cpu-p
Mitsubishielectric L26cpu-pbt Firmware	<=21101
Mitsubishielectric L26cpu-pbt
Mitsubishielectric L02\/06\/26cpu-cm Firmware	<=21101
Mitsubishielectric L02\/06\/26cpu-cm
Mitsubishielectric L26cpu-bt-cm Firmware	<=21101
Mitsubishielectric L26cpu-bt-cm

Never miss a vulnerability like this again

Reference Links

https://www.us-cert.gov/ics/advisories/icsa-19-311-01

Frequently Asked Questions

What is CVE-2019-13555?
CVE-2019-13555 is a vulnerability in Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU, Q04/06/13/26UDPVCPU, Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC-L Series L02/06/26CPU, and L26CPU-BT with specific serial numbers and firmware versions prior to certain numbers.
What is the severity of CVE-2019-13555?
The severity of CVE-2019-13555 is rated as medium with a severity value of 5.9.
Which software is affected by CVE-2019-13555?
The Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU, Q04/06/13/26UDPVCPU, Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC-L Series L02/06/26CPU, and L26CPU-BT with specific serial numbers and firmware versions prior to certain numbers are affected by CVE-2019-13555.
How can I fix CVE-2019-13555?
To fix CVE-2019-13555, update the firmware of the affected Mitsubishi Electric MELSEC-Q and MELSEC-L Series devices to versions later than the specified vulnerable versions.
Where can I find more information about CVE-2019-13555?
You can find more information about CVE-2019-13555 on the US-CERT website at the following link: https://www.us-cert.gov/ics/advisories/icsa-19-311-01

collector/nvd-index
agent/author
agent/severity
agent/references
agent/type
agent/event
agent/weakness
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
agent/description
collector/mitre-cve
source/MITRE
vendor/mitsubishielectric
canonical/mitsubishielectric q03\/04\/06\/13\/26udvcpu firmware
version/mitsubishielectric q03\/04\/06\/13\/26udvcpu firmware/21081
canonical/mitsubishielectric q03\/04\/06\/13\/26udvcpu
canonical/mitsubishielectric q04\/06\/13\/26udpvcpu firmware
version/mitsubishielectric q04\/06\/13\/26udpvcpu firmware/21081
canonical/mitsubishielectric q04\/06\/13\/26udpvcpu
canonical/mitsubishielectric q03udecpu firmware
version/mitsubishielectric q03udecpu firmware/21081
canonical/mitsubishielectric q03udecpu
canonical/mitsubishielectric q04\/06\/10\/13\/20\/26\/50\/100udehcpu firmware
version/mitsubishielectric q04\/06\/10\/13\/20\/26\/50\/100udehcpu firmware/21081
canonical/mitsubishielectric q04\/06\/10\/13\/20\/26\/50\/100udehcpu
canonical/mitsubishielectric l02\/06\/26cpu firmware
version/mitsubishielectric l02\/06\/26cpu firmware/21101
canonical/mitsubishielectric l02\/06\/26cpu
canonical/mitsubishielectric l26cpu-bt firmware
version/mitsubishielectric l26cpu-bt firmware/21101
canonical/mitsubishielectric l26cpu-bt
canonical/mitsubishielectric l02\/06\/26cpu-p firmware
version/mitsubishielectric l02\/06\/26cpu-p firmware/21101
canonical/mitsubishielectric l02\/06\/26cpu-p
canonical/mitsubishielectric l26cpu-pbt firmware
version/mitsubishielectric l26cpu-pbt firmware/21101
canonical/mitsubishielectric l26cpu-pbt
canonical/mitsubishielectric l02\/06\/26cpu-cm firmware
version/mitsubishielectric l02\/06\/26cpu-cm firmware/21101
canonical/mitsubishielectric l02\/06\/26cpu-cm
canonical/mitsubishielectric l26cpu-bt-cm firmware
version/mitsubishielectric l26cpu-bt-cm firmware/21101
canonical/mitsubishielectric l26cpu-bt-cm