80 matches found
Design/Logic Flaw
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally...
Hardcoded credentials
Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules...
CVE-2022-29833
CVE-2022-29833 affects Mitsubishi Electric GX Works3, versions 1.015R and later. The issue is labeled Insufficiently Protected Credentials, enabling a remote unauthenticated attacker to disclose sensitive information, potentially allowing access to MELSEC safety CPU modules. Connected advisories ...
CVE-2022-29833
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally...
CVE-2022-29832
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result,...
CVE-2022-29831
Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules...
CVE-2022-29831
Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules...
CVE-2022-29831
CVE-2022-29831 affects Mitsubishi Electric GX Works3, specifically versions 1.015R–1.095Z, with a vulnerability in hard-coded passwords that could allow a remote, unauthenticated attacker to obtain information about the MELSEC safety CPU module project file. The vulnerability is documented with a...
PT-2022-19863 · Mitsubishi · Gx Works3
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation GX Works3 versions 1.015R and later Description: The issue allows a remote unauthenticated attacker to disclose sensitive information, enabling unauthenticated users to access MELSEC safety CPU modules illegall...
CVE-2021-32986
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without...
CVE-2021-32984
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project...
CVE-2021-32978
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...
CVE-2021-32980
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...
CVE-2021-32980
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...
Design/Logic Flaw
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...
Authentication flaw
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...
Authorization
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project...
Buffer overflow
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange...
CVE-2021-32986
The CVE affects Automation Direct CLICK PLC CPU Modules (C0-1x CPUs) with firmware prior to v3.00. The vulnerability is an authentication bypass where, once an authorized user unlocks the PLC, the unlocked state does not timeout and remains usable if the programming software is interrupted; all s...
CVE-2021-32978
The CVE-2021-32978 entry describes a vulnerability in Automation Direct CLICK PLC CPU Modules (C0-1x) with firmware prior to v3.00 where a previously entered password and lock state can be read from the programming protocol, effectively exposing credentials and enabling unlocks if the password wa...