Vulnerability Name:

CVE-2008-1546

Assigned:2008-03-21
Published:2008-03-21
Updated:2017-08-07
Summary:servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command.
CVSS v3 Severity:
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
7.0 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
6.1 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
References:Source: SREASON
Type: UNKNOWN
3794

Source: BUGTRAQ
Type: UNKNOWN
20071117 security contact for mitsubishi electric?

Source: BUGTRAQ
Type: UNKNOWN
20080322 hacking the mitsubishi GB-50A

Source: BID
Type: UNKNOWN
28406

Source: XF
Type: UNKNOWN
gb50-mimereceiveservlet-dos(41503)

Source: XF
Type: UNKNOWN
mitsubishielectric-gb50a-unath-access(41503)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:mitsubishi_electric:gb:50:*:*:*:*:*:*:*
  • OR cpe:/h:mitsubishi_electric:gb:50a:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    mitsubishi_electric gb 50
    mitsubishi_electric gb 50a