VYPR
Vendor

Iconics

Products
5
CVEs
18
Across products
22
Status
Private

Products

5

Recent CVEs

18
  • CVE-2025-1960CriMar 12, 2025
    risk 0.64cvss 9.8epss 0.01

    CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly…

  • CVE-2016-2289HigApr 1, 2016
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.

  • CVE-2024-1574MedJul 4, 2024
    risk 0.44cvss 6.7epss 0.00

    Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper…

  • CVE-2011-2089May 13, 2011
    risk 0.06cvss epss 0.38

    Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in…

  • CVE-2006-6488Dec 31, 2006
    risk 0.04cvss epss 0.08

    Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2)…

  • CVE-2020-12011Jul 16, 2020
    risk 0.01cvss epss 0.29

    A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A…

  • CVE-2024-7587Oct 22, 2024
    risk 0.00cvss epss 0.00

    Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite…

  • CVE-2022-33319Jul 20, 2022
    risk 0.00cvss epss 0.01

    Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital…

  • CVE-2022-2254Jul 1, 2022
    risk 0.00cvss epss 0.00

    A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users.

  • CVE-2022-2253Jul 1, 2022
    risk 0.00cvss epss 0.01

    A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server.

  • CVE-2020-12007Jul 16, 2020
    risk 0.00cvss epss 0.04

    A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all…

  • CVE-2020-12015Jul 16, 2020
    risk 0.00cvss epss 0.02

    A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC…

  • CVE-2020-12013Jul 16, 2020
    risk 0.00cvss epss 0.03

    A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A…

  • CVE-2020-12009Jul 16, 2020
    risk 0.00cvss epss 0.04

    A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC…

  • CVE-2014-0758Feb 24, 2014
    risk 0.00cvss epss 0.02

    An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.

  • CVE-2012-3018Jul 31, 2012
    risk 0.00cvss epss 0.00

    The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions…

  • CVE-2011-5089Apr 18, 2012
    risk 0.00cvss epss 0.04

    Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password.

  • CVE-2011-5088Apr 18, 2012
    risk 0.00cvss epss 0.03

    The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone…