正文

Mitsubishi Electric 命令执行漏洞

admin
admin V管理员 /0 评论 /15 阅读
0303
此篇文章发布距今已超过1158天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Mitsubishi Electric 命令执行漏洞

  • CNNVD编号:CNNVD-202009-074
    • <!--
  • 危害等级: 超危-->
  • 危害等级: 超危
  • CVE编号: CVE-2020-16226
  • 漏洞类型: 命令执行
  • 发布时间: 2020-09-01
  • 威胁类型: 远程
  • 更新时间: 2021-09-10
  • 厂        商:
  • 漏洞来源: Ta-Lun Yen of TXOn...

漏洞简介

ARC是一款用于创建和维护文件存档的软件包。TCP(Transmission Control Protocol,传输控制协议)是一种面向连接的、可靠的、基于字节流的传输层通信协议,由IETF的RFC 793定义。

Mitsubishi Electric 多个产品存在命令执行漏洞,该漏洞允许攻击者冒充合法设备,从而使攻击者能够远程执行任意命令。以下产品和版本受到影响:QJ71MES96 all versions,QJ71WS96 all versions,Q06CCPU-V all versions,Q24DHCCPU-V all versions,Q24DHCCPU-VG all versions,R12CCPU-V Version 13 and prior,RD55UP06-V Version 09 and prior,RD55UP12-V Version 01,RJ71GN11-T2 Version 11 and prior,RJ71EN71 all versions,QJ71E71-100 all versions,LJ71E71-100 all versions,QJ71MT91 all versions,RD78Gn(n=4,8,16,32,64) all versions,RD78GHV all versions,RD78GHW all versions,NZ2GACP620-60 all versions,NZ2GACP620-300 all versions,NZ2FT-MT all versions,NZ2FT-EIP all versions,Q03UDECPU the first 5 digits of serial number 22081 and prior,QnUDEHCPU(n=04/06/10/13/20/26/50/100) the first 5 digits of serial number 22081 and prior,QnUDVCPU(n=03/04/06/13/26) the first 5 digits of serial number 22031 and prior,QnUDPVCPU(n=04/06/13/26) the first 5 digits of serial number 22031 and prior,LnCPU(-P)(n=02/06/26) the first 5 digits of serial number 22051 and prior,L26CPU-(P)BT the first 5 digits of serial number 22051 and prior,RnCPU(n=00/01/02) Version 18 and prior,RnCPU(n=04/08/16/32/120) Version 50 and prior,RnENCPU(n=04/08/16/32/120) Version 50 and prior,RnSFCPU (n=08/16/32/120) Version 22 and prior,RnPCPU(n=08/16/32/120) Version 24 and prior,RnPSFCPU(n=08/16/32/120) Version 05 and prior,FX5U(C)-**M*/**,FX5UC-32M*/**-TS Version 1.210 and prior,FX5UJ-**M*/** Version 1.000,FX5-ENET Version 1.002 and prior,FX5-ENET/IP Version 1.002 and prior,FX3U-ENET-ADP Version 1.22 and prior,FX3GE-**M*/** the first 3 digits of serial number 20X and prior,FX3U-ENET Version 1.14 and prior,FX3U-ENET-L Version 1.14 and prior,FX3U-ENET-P502 Version 1.14 and prior,FX5-CCLGN-MS Version 1.000,IU1-1M20-D all versions,LE7-40GU-L all versions,GOT2000 Series GT21 Model all versions,GS Series all versions,GOT1000 Series GT14 Model all versions,GT25-J71GN13-T2 all versions,FR-A800-E Series production date December 2020 and prior,FR-F800-E Series production date December 2020 and prior,FR-A8NCG Production date August 2020 and prior,FR-E800-EPA Series Production date July 2020 and prior,FR-E800-EPB Series Production date July 2020 and prior,Conveyor Tracking Application APR-nTR3FH APR-nTR6FH APR-nTR12FH APR-nTR20FH(n=1,2) all versions (Discontinued product),MR-JE-C all versions,MR-J4-TM all versions。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:

http://www.mitsubishielectric.co.jp/products/

参考网址

来源:MISC

链接:https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3041/

来源:us-cert.cisa.gov

链接:https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2020-16226

受影响实体

    暂无


补丁

  • mitsubishielectric 远程命令执行漏洞的修复措施
    <!--
    2020-9-1
    -->