Lucene search
K

126 matches found

NVD
NVD
added 2022/01/21 7:15 p.m.41 views

CVE-2022-23128

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A 10.95.201.23 to 4.04E 10.95.210.01, ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI...

9.8CVSS0.02884EPSS
Exploits0References3
NVD
NVD
added 2022/01/21 7:15 p.m.29 views

CVE-2022-23127

Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...

6.1CVSS0.01614EPSS
Exploits0References3
OSV
OSV
added 2022/01/21 7:15 p.m.4 views

CVE-2022-23128

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A 10.95.201.23 to 4.04E 10.95.210.01, ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI...

9.8CVSS7.4AI score0.02884EPSS
Exploits0References3
Prion
Prion
added 2022/01/21 7:15 p.m.22 views

Cross site scripting

Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...

4.3CVSS7.1AI score0.01614EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2022/01/21 6:17 p.m.226 views

CVE-2022-23128

The CVE-2022-23128 entry describes an Incomplete List of Disallowed Inputs vulnerability affecting Mitsubishi Electric MC Works64 (versions 4.00A to 4.04E) and ICONICS GENESIS64, Hyper Historian, AnalytiX, and MobileHMI (versions 10.95.3 to 10.97). The root cause is a bypass of authentication via...

9.8CVSS9.6AI score0.02884EPSS
Exploits0References3Affected Software5
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.37 views

CVE-2022-23128

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A 10.95.201.23 to 4.04E 10.95.210.01, ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI...

9.8AI score0.02884EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.25 views

CVE-2022-23127

Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...

6.7AI score0.01614EPSS
Exploits0References3
CVE
CVE
added 2022/01/21 6:17 p.m.169 views

CVE-2022-23127

CVE-2022-23127 is a Cross-site Scripting (CWE-79) vulnerability affecting ICONICS MobileHMI and Mitsubishi Electric MC Works64. Connected Red Hat and CVE records specify: MC Works64 versions up to 4.04E (10.95.210.01) and MobileHMI versions up to 10.96.2 are vulnerable due to improper input valid...

6.1CVSS6.5AI score0.01614EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2022/01/21 6:17 p.m.73 views

CVE-2022-23129

CVE-2022-23129 affects Mitsubishi Electric MC Works64 and ICONICS GENESIS64 where exporting GridWorX Server configuration to CSV saves authentication information in plaintext. Affected products: ICONICS GENESIS64 (versions 10.90 to 10.97) and MC Works64 (prior to 4.04E / 10.95.210.01). Root cause...

5.5CVSS5.5AI score0.00186EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.26 views

CVE-2022-23130

Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubish...

5.9CVSS5.8AI score0.01004EPSS
Exploits0References3
CVE
CVE
added 2022/01/21 6:17 p.m.214 views

CVE-2022-23130

CVE-2022-23130 describes a Buffer Over-read in Mitsubishi Electric MC Works64 (v4.00A–4.04E) and related ICONICS GENESIS64/GENESIS32 products up to prior versions. The root cause is a memory allocation error in the SQL query engine that can crash the SQL Server, enabling DoS when a config file wi...

5.9CVSS5.7AI score0.01004EPSS
Exploits0References3Affected Software3
Positive Technologies
Positive Technologies
added 2022/01/21 12:0 a.m.6 views

PT-2022-15872

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MC Works64 versions 4.00A 10.95.201.23 to 4.04E 10.95.210.01 ICONICS GENESIS64 versions 10.97 and prior ICONICS Hyper Historian versions 10.97 and prior Description A buffer over-read issue allows an attacker to cause a...

5.9CVSS6.8AI score0.01004EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/01/20 12:0 a.m.5 views

Mitsubishi Electric MC Works64 安全漏洞

Mitsubishi Electric MC Works64 is a data acquisition and monitoring system SCADA from Mitsubishi Electric, Japan. A security vulnerability exists in Mitsubishi Electric MC Works64 that originates when exporting the GridWorX Server configuration exposes passwords in plaintext...

5.5CVSS5.8AI score0.00186EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/01/20 12:0 a.m.5 views

Mitsubishi Electric MC Works64 缓冲区错误漏洞

Mitsubishi Electric MC Works64 is a data acquisition and monitoring system SCADA from Mitsubishi Electric Japan. A security vulnerability exists in Mitsubishi Electric MC Works64 that stems from a coding error in the SQL query engine memory allocation code that makes it possible to execute a seri...

5.9CVSS6.1AI score0.01004EPSS
Exploits0References7
ICS
ICS
added 2021/10/21 12:0 a.m.54 views

ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendors: ICONICS, Mitsubishi Electric Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64 Vulnerability: Uncontrolled Recursion 2. RISK EVALUATION Successful exploitation of this vulnerability could...

7.5CVSS7.8AI score0.02186EPSS
Exploits0References5
CVE
CVE
added 2020/07/16 9:49 p.m.81 views

CVE-2020-12007

CVE-2020-12007 describes a deserialization vulnerability in ICONICS Genesis64/Genesis32 GenBroker components (FrameWorX server) that can enable remote code execution or a denial-of-service when processing specially crafted network packets. Affected products include GENESIS64 GenBroker64/FrameWorX...

9.8CVSS9.7AI score0.03938EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2020/07/16 9:14 p.m.34 views

CVE-2020-12013

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A 9.50.255.02; ICONICS GenBroker6...

9.5AI score0.03029EPSS
Exploits0References2
OSV
OSV
added 2020/07/16 8:15 p.m.3 views

CVE-2020-12009

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...

7.5CVSS7.1AI score0.03596EPSS
Exploits0References2
Prion
Prion
added 2020/07/16 8:15 p.m.21 views

Deserialization of untrusted data

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...

5CVSS7.8AI score0.03596EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2020/07/16 7:39 p.m.42 views

CVE-2020-12009

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A...

7.4AI score0.03596EPSS
Exploits0References2
Rows per page
Query Builder