CVE-2019-10976

CVE-2019-10976

Vendor Mitsubishi Electric
Product Mitsubishi Electric FR Configurator2
Weakness CWE-611 · XXE
Published July 25, 2019
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files.

Key dates

02Disclosure timeline

July 25, 2019 CVE published
August 4, 2024 Record updated