Vendor CVEs
Mitsubishielectric
All CVEs
194 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-5647 | 0.00 | — | 0.04 | Nov 6, 2020 | Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’… | |||
| CVE-2020-5646 | 0.00 | — | 0.04 | Nov 6, 2020 | NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and… | |||
| CVE-2020-5645 | 0.00 | — | 0.04 | Nov 6, 2020 | Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier,… | |||
| CVE-2020-5644 | 0.00 | — | 0.04 | Nov 6, 2020 | Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier,… | |||
| CVE-2020-5657 | 0.00 | — | 0.01 | Oct 30, 2020 | Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92… | |||
| CVE-2020-5658 | 0.00 | — | 0.03 | Oct 30, 2020 | Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number… | |||
| CVE-2020-5655 | 0.00 | — | 0.03 | Oct 30, 2020 | NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number… | |||
| CVE-2020-5656 | 0.00 | — | 0.03 | Oct 30, 2020 | Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are… | |||
| CVE-2020-5654 | 0.00 | — | 0.03 | Oct 30, 2020 | Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or… | |||
| CVE-2020-5653 | 0.00 | — | 0.03 | Oct 30, 2020 | Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or… | |||
| CVE-2020-5652 | 0.00 | — | 0.04 | Oct 30, 2020 | Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier,… | |||
| CVE-2020-12007 | 0.00 | — | 0.04 | Jul 16, 2020 | A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all… | |||
| CVE-2020-12015 | 0.00 | — | 0.02 | Jul 16, 2020 | A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC… | |||
| CVE-2020-12013 | 0.00 | — | 0.03 | Jul 16, 2020 | A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A… | |||
| CVE-2020-12009 | 0.00 | — | 0.04 | Jul 16, 2020 | A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC… | |||
| CVE-2020-5600 | 0.00 | — | 0.02 | Jul 7, 2020 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network… | |||
| CVE-2020-5599 | 0.00 | — | 0.03 | Jul 7, 2020 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability,… | |||
| CVE-2020-5598 | 0.00 | — | 0.02 | Jul 7, 2020 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access… | |||
| CVE-2020-5597 | 0.00 | — | 0.02 | Jul 7, 2020 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network… | |||
| CVE-2020-5596 | 0.00 | — | 0.02 | Jul 7, 2020 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the… | |||
| CVE-2020-5595 | 0.00 | — | 0.02 | Jul 7, 2020 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of… | |||
| CVE-2020-5603 | 0.00 | — | 0.01 | Jun 30, 2020 | Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT… | |||
| CVE-2020-5602 | 0.00 | — | 0.01 | Jun 30, 2020 | Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX… | |||
| CVE-2020-5594 | 0.00 | — | 0.01 | Jun 23, 2020 | Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. | |||
| CVE-2020-13238 | 0.00 | — | 0.03 | Jun 10, 2020 | Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is… | |||
| CVE-2020-5527 | 0.00 | — | 0.01 | Mar 30, 2020 | When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified… | |||
| CVE-2020-5547 | 0.00 | — | 0.02 | Mar 16, 2020 | Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | |||
| CVE-2020-5545 | 0.00 | — | 0.02 | Mar 16, 2020 | TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet. | |||
| CVE-2020-5546 | 0.00 | — | 0.01 | Mar 16, 2020 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop… | |||
| CVE-2020-5543 | 0.00 | — | 0.02 | Mar 16, 2020 | TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | |||
| CVE-2020-5544 | 0.00 | — | 0.02 | Mar 16, 2020 | Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | |||
| CVE-2020-5542 | 0.00 | — | 0.02 | Mar 16, 2020 | Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | |||
| CVE-2020-5531 | 0.00 | — | 0.02 | Feb 17, 2020 | Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function… | |||
| CVE-2019-13555 | 0.00 | — | 0.02 | Nov 13, 2019 | In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number… | |||
| CVE-2019-14930 | 0.00 | — | 0.02 | Oct 28, 2019 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the… | |||
| CVE-2019-14926 | 0.00 | — | 0.02 | Oct 28, 2019 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial… | |||
| CVE-2019-10972 | 0.00 | — | 0.01 | Jul 25, 2019 | Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding… | |||
| CVE-2019-10976 | 0.00 | — | 0.01 | Jul 25, 2019 | Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files. | |||
| CVE-2019-10977 | 0.00 | — | 0.04 | May 23, 2019 | In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. | |||
| CVE-2019-6535 | 0.00 | — | 0.04 | Feb 5, 2019 | Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result… | |||
| CVE-2018-0667 | 0.00 | — | 0.01 | Jan 9, 2019 | Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2015-3938 | 0.00 | — | 0.02 | Oct 6, 2015 | The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. | |||
| CVE-2014-7486 | 0.00 | — | 0.00 | Oct 20, 2014 | The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2008-1546 | 0.00 | — | 0.02 | Mar 28, 2008 | servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. |
- CVE-2020-5647Nov 6, 2020risk 0.00cvss —epss 0.04
Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’…
- CVE-2020-5646Nov 6, 2020risk 0.00cvss —epss 0.04
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and…
- CVE-2020-5645Nov 6, 2020risk 0.00cvss —epss 0.04
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier,…
- CVE-2020-5644Nov 6, 2020risk 0.00cvss —epss 0.04
Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier,…
- CVE-2020-5657Oct 30, 2020risk 0.00cvss —epss 0.01
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92…
- CVE-2020-5658Oct 30, 2020risk 0.00cvss —epss 0.03
Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number…
- CVE-2020-5655Oct 30, 2020risk 0.00cvss —epss 0.03
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number…
- CVE-2020-5656Oct 30, 2020risk 0.00cvss —epss 0.03
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are…
- CVE-2020-5654Oct 30, 2020risk 0.00cvss —epss 0.03
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or…
- CVE-2020-5653Oct 30, 2020risk 0.00cvss —epss 0.03
Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or…
- CVE-2020-5652Oct 30, 2020risk 0.00cvss —epss 0.04
Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier,…
- CVE-2020-12007Jul 16, 2020risk 0.00cvss —epss 0.04
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all…
- CVE-2020-12015Jul 16, 2020risk 0.00cvss —epss 0.02
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC…
- CVE-2020-12013Jul 16, 2020risk 0.00cvss —epss 0.03
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A…
- CVE-2020-12009Jul 16, 2020risk 0.00cvss —epss 0.04
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC…
- CVE-2020-5600Jul 7, 2020risk 0.00cvss —epss 0.02
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network…
- CVE-2020-5599Jul 7, 2020risk 0.00cvss —epss 0.03
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability,…
- CVE-2020-5598Jul 7, 2020risk 0.00cvss —epss 0.02
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access…
- CVE-2020-5597Jul 7, 2020risk 0.00cvss —epss 0.02
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network…
- CVE-2020-5596Jul 7, 2020risk 0.00cvss —epss 0.02
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the…
- CVE-2020-5595Jul 7, 2020risk 0.00cvss —epss 0.02
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of…
- CVE-2020-5603Jun 30, 2020risk 0.00cvss —epss 0.01
Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT…
- CVE-2020-5602Jun 30, 2020risk 0.00cvss —epss 0.01
Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX…
- CVE-2020-5594Jun 23, 2020risk 0.00cvss —epss 0.01
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.
- CVE-2020-13238Jun 10, 2020risk 0.00cvss —epss 0.03
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is…
- CVE-2020-5527Mar 30, 2020risk 0.00cvss —epss 0.01
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified…
- CVE-2020-5547Mar 16, 2020risk 0.00cvss —epss 0.02
Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
- CVE-2020-5545Mar 16, 2020risk 0.00cvss —epss 0.02
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet.
- CVE-2020-5546Mar 16, 2020risk 0.00cvss —epss 0.01
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop…
- CVE-2020-5543Mar 16, 2020risk 0.00cvss —epss 0.02
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
- CVE-2020-5544Mar 16, 2020risk 0.00cvss —epss 0.02
Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
- CVE-2020-5542Mar 16, 2020risk 0.00cvss —epss 0.02
Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
- CVE-2020-5531Feb 17, 2020risk 0.00cvss —epss 0.02
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function…
- CVE-2019-13555Nov 13, 2019risk 0.00cvss —epss 0.02
In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number…
- CVE-2019-14930Oct 28, 2019risk 0.00cvss —epss 0.02
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the…
- CVE-2019-14926Oct 28, 2019risk 0.00cvss —epss 0.02
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial…
- CVE-2019-10972Jul 25, 2019risk 0.00cvss —epss 0.01
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding…
- CVE-2019-10976Jul 25, 2019risk 0.00cvss —epss 0.01
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files.
- CVE-2019-10977May 23, 2019risk 0.00cvss —epss 0.04
In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition.
- CVE-2019-6535Feb 5, 2019risk 0.00cvss —epss 0.04
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result…
- CVE-2018-0667Jan 9, 2019risk 0.00cvss —epss 0.01
Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2015-3938Oct 6, 2015risk 0.00cvss —epss 0.02
The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter.
- CVE-2014-7486Oct 20, 2014risk 0.00cvss —epss 0.00
The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2008-1546Mar 28, 2008risk 0.00cvss —epss 0.02
servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command.
Page 4 of 4