CVE-2019-6535 : What You Need to Know
Learn about CVE-2019-6535 affecting Mitsubishi Electric Q03/04/06/13/26UDVCPU and Q04/06/13/26UDPVCPU devices, allowing remote attacks to crash the Ethernet stack. Find mitigation steps and long-term security practices.
CVE-2019-6535 was published on January 29, 2019, by ICS-CERT. The vulnerability affects Mitsubishi Electric Q03/04/06/13/26UDVCPU and Q04/06/13/26UDPVCPU devices with specific serial numbers, allowing a remote attack that can crash the Ethernet stack.
Understanding CVE-2019-6535
This CVE entry identifies a vulnerability in certain Mitsubishi Electric devices that could be exploited remotely, leading to a denial of service.
What is CVE-2019-6535?
The vulnerability in Mitsubishi Electric Q03/04/06/13/26UDVCPU and Q04/06/13/26UDPVCPU devices allows a remote attacker to crash the Ethernet stack by sending specific bytes over Port 5007.
The Impact of CVE-2019-6535
The vulnerability poses a risk of a denial-of-service attack on the affected devices, potentially disrupting critical operations and services.
Technical Details of CVE-2019-6535
This section provides more in-depth technical information about the CVE.
Vulnerability Description
The vulnerability involves uncontrolled resource consumption (CWE-400), leading to a resource exhaustion condition in the Ethernet stack of the affected Mitsubishi Electric devices.
Affected Systems and Versions
- Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior
- Mitsubishi Electric Q04/06/13/26UDPVCPU: serial number 20081 and prior
- Mitsubishi Electric Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior
Exploitation Mechanism
The vulnerability can be exploited by sending specific bytes over Port 5007, triggering a crash in the Ethernet stack of the affected devices.
Mitigation and Prevention
Protecting systems from CVE-2019-6535 requires immediate actions and long-term security practices.
Immediate Steps to Take
- Apply vendor-supplied patches or updates to mitigate the vulnerability.
- Implement network segmentation to limit exposure to potential attacks.
- Monitor network traffic for any suspicious activity targeting Port 5007.
Long-Term Security Practices
- Regularly update and patch all software and firmware on critical devices.
- Conduct security assessments and penetration testing to identify and address vulnerabilities proactively.
- Educate personnel on cybersecurity best practices to enhance overall security posture.
Patching and Updates
- Mitsubishi Electric may release patches or updates to address the vulnerability. Stay informed about security advisories and apply patches promptly.