CVE-2016-8368
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/02/2017
Last modified:
20/04/2025
Description
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock.
Impact
Base Score 3.x
8.60
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:mitsubishielectric:qj71e71-100_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:qj71e71-100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:qj71e71-b5_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:qj71e71-b5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mitsubishielectric:qj71e71-b2_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mitsubishielectric:qj71e71-b2:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page