CVE-2024-1916

The CVE-2024-1916 issue affects Mitsubishi Electric MELSEC-Q/L Series CPU modules. A remote, unauthenticated attacker can exploit an Integer Overflow or Wraparound condition by sending a specially crafted packet to execute arbitrary code on affected devices. Affected products include MELSEC-Q Ser...

CVE-2024-1915

Summary: CVE-2024-1915 affects Mitsubishi Electric MELSEC-Q/L Series CPU modules (Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU, Q03/04/06/13/26UDVCPU, Q04/06/13/26UDPVCPU, and MELSEC-L Series L02/06/26CPU(-P), L26CPU(-P)BT). A remote, unauthenticated attacker can trigger an Incorrect Pointer Scali...

CVE-2024-0803

CVE-2024-0803 affects Mitsubishi Electric MELSEC-Q/L Series CPU modules, where an Integer Overflow or Wraparound vulnerability can allow a remote, unauthenticated attacker to execute malicious code by sending a crafted packet. Affected products include MELSEC-Q/L Series CPUs (various models) with...

CVE-2024-0803

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet...

CVE-2024-0803

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet...

CVE-2024-0802

CVE-2024-0802 affects Mitsubishi Electric MELSEC-Q/L Series CPU modules (MELSEC-Q/L Series) and is an Incorrect Pointer Scaling vulnerability. A remote, unauthenticated attacker can read arbitrary data or execute code by sending a specially crafted packet. The NVD/ICS advisories cite a CVSS v3.1 ...

CVE-2024-0802

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted pack...

PT-2024-2282 · Mitsubishi · Melsec-L Series +1

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules affected versions not specified Description: The issue is related to an Integer Overflow or Wraparound vulnerability in the CPU modules of Mitsubishi Electric...

CVE-2023-7033

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, MELSEC iQ-R CC-Link IE TSN Master/Local Module, CC-Link IE TSN Remote I/O Module, CC-Link IE TSN...

Denial of service

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...

CVE-2023-7033

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, MELSEC iQ-R CC-Link IE TSN Master/Local Module, CC-Link IE TSN Remote I/O Module, CC-Link IE TSN...

CVE-2023-7033

CVE-2023-7033 describes an Insufficient Resource Pool vulnerability in the Ethernet function affecting Mitsubishi Electric MELSEC product families (including MELSEC iQ-F/FX5, iQ-R, iQ-L series CPUs and related Ethernet/communication modules, motion modules, inverters, and related CC‑Link IE TSN a...

CVE-2023-7033

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, MELSEC iQ-R CC-Link IE TSN Master/Local Module, CC-Link IE TSN Remote I/O Module, CC-Link IE TSN...

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module Improper Restriction of Excessive Authentication Attempts (CVE-2023-4625)

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after t...

CVE-2023-1424

The CVE-2023-1424 vulnerability affects Mitsubishi Electric MELSEC iQ-F and iQ-R Series CPU modules, enabling a remote attacker to cause DoS or potentially execute code via crafted MELSOFT Direct UDP packets (port 5560). Talos details describe a memory/stack corruption path through MELSOFT Direct...

CVE-2023-1424 Denial-of-Service and Remote Code Execution Vulnerability in MELSEC Series CPU module

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service DoS condition or execute malicious code on ...

Mitsubishi Electric FA Engineering Software (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works3, MX OPC UA Module Configurator-R Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials,...

CVE-2022-29833

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally...

CVE-2022-29833

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally...

CVE-2022-29831

Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules...