Vulnerabilities (CVE)

Filtered by vendor Mitsubishielectric Subscribe
Total 158 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5545 1 Mitsubishielectric 2 Iu1-1m20-d, Iu1-1m20-d Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet.
CVE-2020-5544 1 Mitsubishielectric 2 Iu1-1m20-d, Iu1-1m20-d Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
CVE-2020-5543 1 Mitsubishielectric 2 Iu1-1m20-d, Iu1-1m20-d Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
CVE-2020-5542 1 Mitsubishielectric 2 Iu1-1m20-d, Iu1-1m20-d Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
CVE-2020-5531 1 Mitsubishielectric 10 Mi5122-vw, Mi5122-vw Firmware, Q24dhccpu-v and 7 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors.
CVE-2020-5527 1 Mitsubishielectric 92 Cr800-q, Cr800-q Firmware, Fx3g and 89 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.
CVE-2020-16850 1 Mitsubishielectric 38 R00cpu, R00cpu Firmware, R01cpu and 35 more 2024-11-21 7.8 HIGH 7.5 HIGH
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
CVE-2020-16226 1 Mitsubishielectric 186 Conveyor Tracking Application Apr-ntr12fh, Conveyor Tracking Application Apr-ntr20fh\(n\=1\,2\), Conveyor Tracking Application Apr-ntr3fh and 183 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.
CVE-2020-14523 1 Mitsubishielectric 27 Cw Configurator, Fr Configurator2, Gx Works2 and 24 more 2024-11-21 7.5 HIGH 8.3 HIGH
Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.
CVE-2020-14521 1 Mitsubishielectric 60 C Controller Interface Module Utility, C Controller Module Setting And Monitoring Tool, Cc-link Ie Control Network Data Collector and 57 more 2024-11-21 7.5 HIGH 8.3 HIGH
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.
CVE-2020-14496 1 Mitsubishielectric 29 Cpu Module Logging Configuration Tool, Cw Configurator, Data Transfer and 26 more 2024-11-21 7.5 HIGH 8.3 HIGH
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.
CVE-2020-13238 1 Mitsubishielectric 42 Melsec Iq-r00cpu, Melsec Iq-r00cpu Firmware, Melsec Iq-r01cpu and 39 more 2024-11-21 7.8 HIGH 7.5 HIGH
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.
CVE-2020-12015 2 Iconics, Mitsubishielectric 11 Bizviz, Energy Analytix, Facility Analytix and 8 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
CVE-2020-12013 2 Iconics, Mitsubishielectric 11 Bizviz, Energy Analytix, Facility Analytix and 8 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
CVE-2020-12011 2 Iconics, Mitsubishielectric 11 Bizviz, Energy Analytix, Facility Analytix and 8 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.
CVE-2020-12009 2 Iconics, Mitsubishielectric 11 Bizviz, Energy Analytix, Facility Analytix and 8 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
CVE-2020-12007 2 Iconics, Mitsubishielectric 11 Bizviz, Energy Analytix, Facility Analytix and 8 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
CVE-2019-6535 1 Mitsubishielectric 36 Q03udecpu, Q03udecpu Firmware, Q03udvcpu and 33 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash.
CVE-2019-14931 2 Inea, Mitsubishielectric 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.
CVE-2019-14930 2 Inea, Mitsubishielectric 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)