VYPR

MELSEC iQ-R Series

by Mitsubishielectric

CVEs (26)

  • CVE-2020-5527HigMar 30, 2020
    risk 0.49cvss 7.5epss 0.01

    When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified…

  • CVE-2025-7405HigSep 1, 2025
    risk 0.47cvss 7.3epss 0.00

    Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, since MODBUS/TCP in the…

  • CVE-2020-5657MedNov 2, 2020
    risk 0.42cvss 6.5epss 0.01

    Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92…

  • CVE-2022-40267MedJan 20, 2023
    risk 0.38cvss 5.9epss 0.01

    Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC…

  • CVE-2023-4625MedNov 6, 2023
    risk 0.35cvss 5.3epss 0.01

    Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a…

  • CVE-2025-5514MedAug 25, 2025
    risk 0.34cvss 5.3epss 0.01

    Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and prevent legitimate users from…

Page 2 of 2