Details of VAR-201608-0414

ID

VAR-201608-0414

TITLE

Mitsubishi LJ71E71-100-CM Communication module Web Service Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: fbb8c9e2-fce3-490d-9b8b-b7df6d709679 // CNVD: CNVD-2016-06360

DESCRIPTION

Mitsubishi L06 is a high-end PLC of Mitsubishi. Its Ethernet communication module LJ71E71-100-CM opens web services and supports http protocol communication. You can access and set device configuration information by logging in to the web server. In the HTTP message sent to the LJ71E71-100-CM, if it is a Connect type request, injecting a long string after the Connect field can trigger a buffer overflow of the communication module and there is a security vulnerability. Allowing an attacker to exploit this vulnerability results in a denial of service

Trust: 0.72

sources: CNVD: CNVD-2016-06360 // IVD: fbb8c9e2-fce3-490d-9b8b-b7df6d709679

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: fbb8c9e2-fce3-490d-9b8b-b7df6d709679 // CNVD: CNVD-2016-06360

AFFECTED PRODUCTS

vendor:	mitsubishi	model:	group l06 plc lj71e71-100-cm	scope:	-	version:	-	Trust: 0.6
vendor:	mitsubishi	model:	group l06 plc lj71e71-100-cm	scope:	eq	version:	*	Trust: 0.2

sources: IVD: fbb8c9e2-fce3-490d-9b8b-b7df6d709679 // CNVD: CNVD-2016-06360

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-06360
value:	HIGH
Trust: 0.6
IVD:	fbb8c9e2-fce3-490d-9b8b-b7df6d709679
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2016-06360
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	fbb8c9e2-fce3-490d-9b8b-b7df6d709679
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: fbb8c9e2-fce3-490d-9b8b-b7df6d709679 // CNVD: CNVD-2016-06360

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: fbb8c9e2-fce3-490d-9b8b-b7df6d709679

EXTERNAL IDS

db:	CNVD	id:	CNVD-2016-06360	Trust: 0.8
db:	IVD	id:	FBB8C9E2-FCE3-490D-9B8B-B7DF6D709679	Trust: 0.2

sources: IVD: fbb8c9e2-fce3-490d-9b8b-b7df6d709679 // CNVD: CNVD-2016-06360

SOURCES

db:	IVD	id:	fbb8c9e2-fce3-490d-9b8b-b7df6d709679
db:	CNVD	id:	CNVD-2016-06360

LAST UPDATE DATE

2022-05-17T02:03:18.455000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-06360

date:

2016-08-16T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	fbb8c9e2-fce3-490d-9b8b-b7df6d709679	date:	2016-08-16T00:00:00
db:	CNVD	id:	CNVD-2016-06360	date:	2016-09-26T00:00:00