Lucene search
Ta-Lun Yen of TXOne IoT/ICS Security Research Labs (Trend Micro)ZDI-20-1207HistorySep 08, 2020 - 12:00 a.m.
Mitsubishi Electric MELSEC iQ-F Predictable TCP Sequence Number Remote Code Execution Vulnerability
2020-09-0800:00:00
Ta-Lun Yen of TXOne IoT/ICS Security Research Labs (Trend Micro)
www.zerodayinitiative.com
12
remote code execution
mitsubishi electric
melsec iq-f
predictable sequence number
authentication bypass
ack packets
EPSS
0.005
Percentile
76.2%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mitsubishi Electric MELSEC iQ-F. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ACK packets. When generating ACK packets, the application uses a predictable sequence number. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.
Related
ics
ics
Mitsubishi Electric Multiple Products (Update G)
2024-06-13 12:00:00
nessus
nessus
cve
cve
CVE-2020-16226
2020-10-05 18:15:13
prion
prion
Command injection
2020-10-05 18:15:00
nvd
nvd
CVE-2020-16226
2020-10-05 18:15:13
cvelist
cvelist
CVE-2020-16226 Mitsubishi Electric Multiple Products
2020-10-05 17:19:17