126 matches found
CVE-2022-23128
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A 10.95.201.23 to 4.04E 10.95.210.01, ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI...
CVE-2022-23127
Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...
CVE-2022-23128
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A 10.95.201.23 to 4.04E 10.95.210.01, ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI...
Cross site scripting
Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...
CVE-2022-23128
The CVE-2022-23128 entry describes an Incomplete List of Disallowed Inputs vulnerability affecting Mitsubishi Electric MC Works64 (versions 4.00A to 4.04E) and ICONICS GENESIS64, Hyper Historian, AnalytiX, and MobileHMI (versions 10.95.3 to 10.97). The root cause is a bypass of authentication via...
CVE-2022-23128
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A 10.95.201.23 to 4.04E 10.95.210.01, ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI...
CVE-2022-23127
Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...
CVE-2022-23127
CVE-2022-23127 is a Cross-site Scripting (CWE-79) vulnerability affecting ICONICS MobileHMI and Mitsubishi Electric MC Works64. Connected Red Hat and CVE records specify: MC Works64 versions up to 4.04E (10.95.210.01) and MobileHMI versions up to 10.96.2 are vulnerable due to improper input valid...
CVE-2022-23129
CVE-2022-23129 affects Mitsubishi Electric MC Works64 and ICONICS GENESIS64 where exporting GridWorX Server configuration to CSV saves authentication information in plaintext. Affected products: ICONICS GENESIS64 (versions 10.90 to 10.97) and MC Works64 (prior to 4.04E / 10.95.210.01). Root cause...
CVE-2022-23130
Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubish...
CVE-2022-23130
CVE-2022-23130 describes a Buffer Over-read in Mitsubishi Electric MC Works64 (v4.00A–4.04E) and related ICONICS GENESIS64/GENESIS32 products up to prior versions. The root cause is a memory allocation error in the SQL query engine that can crash the SQL Server, enabling DoS when a config file wi...
PT-2022-15872
Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MC Works64 versions 4.00A 10.95.201.23 to 4.04E 10.95.210.01 ICONICS GENESIS64 versions 10.97 and prior ICONICS Hyper Historian versions 10.97 and prior Description A buffer over-read issue allows an attacker to cause a...
Mitsubishi Electric MC Works64 安全漏洞
Mitsubishi Electric MC Works64 is a data acquisition and monitoring system SCADA from Mitsubishi Electric, Japan. A security vulnerability exists in Mitsubishi Electric MC Works64 that originates when exporting the GridWorX Server configuration exposes passwords in plaintext...
Mitsubishi Electric MC Works64 缓冲区错误漏洞
Mitsubishi Electric MC Works64 is a data acquisition and monitoring system SCADA from Mitsubishi Electric Japan. A security vulnerability exists in Mitsubishi Electric MC Works64 that stems from a coding error in the SQL query engine memory allocation code that makes it possible to execute a seri...
ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendors: ICONICS, Mitsubishi Electric Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64 Vulnerability: Uncontrolled Recursion 2. RISK EVALUATION Successful exploitation of this vulnerability could...
CVE-2020-12007
CVE-2020-12007 describes a deserialization vulnerability in ICONICS Genesis64/Genesis32 GenBroker components (FrameWorX server) that can enable remote code execution or a denial-of-service when processing specially crafted network packets. Affected products include GENESIS64 GenBroker64/FrameWorX...
CVE-2020-12013
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A 9.50.255.02; ICONICS GenBroker6...
CVE-2020-12009
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...
Deserialization of untrusted data
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...
CVE-2020-12009
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...