Filtered by vendor Mitsubishielectric
Subscriptions
Total
158 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4562 | 1 Mitsubishielectric | 380 Fx3g-14 Mr\/ds, Fx3g-14 Mr\/ds Firmware, Fx3g-14 Mr\/es and 377 more | 2024-08-02 | 9.1 Critical |
| Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. | ||||
| CVE-2023-3373 | 1 Mitsubishielectric | 4 Gs21, Gs21 Firmware, Gt21 and 1 more | 2024-08-02 | 5.9 Medium |
| Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it. | ||||
| CVE-2023-3346 | 1 Mitsubishielectric | 42 C80, C80 Firmware, E70 and 39 more | 2024-08-02 | 9.8 Critical |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery. | ||||
| CVE-2023-2846 | 1 Mitsubishielectric | 300 Fx3g-14mr\/ds, Fx3g-14mr\/ds Firmware, Fx3g-14mr\/es and 297 more | 2024-08-02 | 7.5 High |
| Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets. | ||||
| CVE-2023-2060 | 1 Mitsubishielectric | 8 Fx5-enet\/ip, Fx5-enet\/ip Firmware, Rj71eip91 and 5 more | 2024-08-02 | 7.5 High |
| Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing. | ||||
| CVE-2023-2061 | 1 Mitsubishielectric | 8 Fx5-enet\/ip, Fx5-enet\/ip Firmware, Rj71eip91 and 5 more | 2024-08-02 | 6.2 Medium |
| Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP. | ||||
| CVE-2023-2063 | 1 Mitsubishielectric | 8 Fx5-enet\/ip, Fx5-enet\/ip Firmware, Rj71eip91 and 5 more | 2024-08-02 | 6.3 Medium |
| Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks. | ||||
| CVE-2023-1618 | 1 Mitsubishielectric | 2 Melsec Ws0-geth00200, Melsec Ws0-geth00200 Firmware | 2024-08-02 | 7.5 High |
| Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware. | ||||
| CVE-2023-1424 | 1 Mitsubishielectric | 78 Melsec Iq-fx5u-32mr\/ds, Melsec Iq-fx5u-32mr\/ds Firmware, Melsec Iq-fx5u-32mr\/dss and 75 more | 2024-08-02 | 10 Critical |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution. | ||||
| CVE-2023-1285 | 1 Mitsubishielectric | 2 Gc-enet-com, Gc-enet-com Firmware | 2024-08-02 | 7.5 High |
| Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in Ethernet communication by sending a large number of specially crafted packets to any UDP port when GC-ENET-COM is configured as a Modbus TCP Server. The communication resumes only when the power of the main unit is turned off and on or when the GC-ENET-COM is hot-swapped from the main unit. | ||||
| CVE-2023-0457 | 1 Mitsubishielectric | 76 Fx5-enet, Fx5-enet\/ip, Fx5-enet\/ip Firmware and 73 more | 2024-08-02 | 7.5 High |
| Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server. | ||||
| CVE-2024-26314 | 3 Iconics, Jungo, Mitsubishielectric | 49 Genesis64, Windriver, C Controller Module Setting And Monitoring Tool and 46 more | 2024-08-02 | 7.8 High |
| Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code. | ||||
| CVE-2024-25086 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-08-01 | 7.8 High |
| Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. | ||||
| CVE-2024-25088 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-08-01 | 7.8 High |
| Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code. | ||||
| CVE-2024-22102 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-08-01 | 5.5 Medium |
| Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error. | ||||
| CVE-2024-22106 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-08-01 | 8.8 High |
| Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS). | ||||
| CVE-2024-22104 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-08-01 | 5.5 Medium |
| Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). | ||||
| CVE-2024-22103 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-08-01 | 5.5 Medium |
| Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). | ||||