CVE-2019-6535 HIGH

CVE-2019-6535: Mitsubishi Electric MELSEC-Q Series PLCs Resource Exhaustion

Vendor Mitsubishi Electric
Product Q03/04/06/13/26UDVCPU
Weakness CWE-400
Published February 5, 2019
Last update June 26, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Affected products: Mitsubishi Electric Q03/04/06/13/26UDVCPU (serial number 20081 and prior), Q04/06/13/26UDPVCPU (serial number 20081 and prior), and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU (serial number 20101 and prior). A remote attacker can send specific bytes over port 5007 that result in an Ethernet stack crash and disruption to USB communication.

Key dates

02 Disclosure timeline

February 5, 2019 CVE published
June 26, 2025 Record updated