Filtered by vendor Mitsubishielectric
Subscribe
Total
158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12009 | 2 Iconics, Mitsubishielectric | 11 Bizviz, Energy Analytix, Facility Analytix and 8 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. | |||||
| CVE-2020-5600 | 1 Mitsubishielectric | 4 Coreos, Got2000 Gt23, Got2000 Gt25 and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | |||||
| CVE-2020-5544 | 1 Mitsubishielectric | 2 Iu1-1m20-d, Iu1-1m20-d Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | |||||
| CVE-2020-12007 | 2 Iconics, Mitsubishielectric | 11 Bizviz, Energy Analytix, Facility Analytix and 8 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. | |||||
| CVE-2020-5543 | 1 Mitsubishielectric | 2 Iu1-1m20-d, Iu1-1m20-d Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | |||||
| CVE-2020-5546 | 1 Mitsubishielectric | 2 Iu1-1m20-d, Iu1-1m20-d Firmware | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
| Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet. | |||||
| CVE-2020-5531 | 1 Mitsubishielectric | 10 Mi5122-vw, Mi5122-vw Firmware, Q24dhccpu-v and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. | |||||
| CVE-2019-13555 | 1 Mitsubishielectric | 20 L02\/06\/26cpu, L02\/06\/26cpu-cm, L02\/06\/26cpu-cm Firmware and 17 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. | |||||
| CVE-2019-10976 | 1 Mitsubishielectric | 2 Electric Fr Configurator2, Electric Fr Configurator2 Firmware | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files. | |||||
| CVE-2019-10972 | 1 Mitsubishielectric | 1 Electric Fr Configurator2 | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
| Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted. | |||||
| CVE-2019-10977 | 1 Mitsubishielectric | 2 Qj71e71-100, Qj71e71-100 Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. | |||||
| CVE-2019-6535 | 1 Mitsubishielectric | 36 Q03udecpu, Q03udecpu Firmware, Q03udvcpu and 33 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash. | |||||
| CVE-2017-9634 | 1 Mitsubishielectric | 1 E-designer | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. | |||||
| CVE-2017-9636 | 1 Mitsubishielectric | 1 E-designer | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. | |||||
| CVE-2017-9638 | 1 Mitsubishielectric | 1 E-designer | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. | |||||
| CVE-2016-8370 | 1 Mitsubishielectric | 6 Qj71e71-100, Qj71e71-100 Firmware, Qj71e71-b2 and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. | |||||
| CVE-2016-8368 | 1 Mitsubishielectric | 6 Qj71e71-100, Qj71e71-100 Firmware, Qj71e71-b2 and 3 more | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. | |||||
| CVE-2013-2817 | 1 Mitsubishielectric | 1 Mc-worx Suite | 2024-02-28 | 9.3 HIGH | N/A |
| An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. | |||||