CVE-2019-6535

Published: Feb 5, 2019

Modified: Jun 26, 2025

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication.

Vendor	Product	Versions
Mitsubishi Electric	Q03/04/06/13/26UDVCPU	affected `0 - <= serial number 20081`
Mitsubishi Electric	Q04/06/13/26UDPVCPU	affected `0 - <= serial number 20081`
Mitsubishi Electric	Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU	affected `0 - <= serial number 20101`

Weaknesses (CWE)

CWE-400

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

106771

vdb-entry

x_refsource_BID

https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-02

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-6535

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References