PT-2025-45178
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module (affected versions not specified). Description: An improper validation of specified quantity in input within the TCP Communication Function can lead to a denial-of-service (DoS) condition...
EUVD-2019-4979
Malware in sbrugna...
Mitsubishi Electric MELSEC-Q Series CPU Module
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial of service (DoS). 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
CVE-2025-7405 Information Disclosure, Information Tampering, and Denial of Service (DoS) Vulnerability in MELSEC iQ-F Series CPU module
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, since MODBUS/TCP in the products does not...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS advisories on August 28, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-240-01 Mitsubishi Electric MELSEC iQ-F Series CPU Module ICSA-25-240-02 Mitsubishi...
Mitsubishi Electric MELSEC iQ-F Series CPU Module
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read or write the device values of the product. In addition, the attacker may be able to stop the operation of the programs. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
PT-2025-34595 · Mitsubishi · MELSEC iQ-F Series CPU Module
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module (affected versions not specified). Description: An improper handling of a length parameter inconsistency exists in the web server function of the product. This allows a remote,...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the powercap dtpm_cpu module, in the get_pd_power_uw function, and could result in a null pointer dereference...
CVE-2025-3755 Information Disclosure and Denial-of-Service(DoS) Vulnerability in MELSEC iQ-F Series CPU module
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to...
Mitsubishi Electric MELSEC-Q and MELSEC-L Security Vulnerability
The Mitsubishi Electric MELSEC-Q Series is a series of programmable logic controllers from Mitsubishi Electric (Japan). A security vulnerability exists in the Mitsubishi Electric MELSEC-Q and MELSEC-L that stems from incorrect pointer scaling in the CPU module, which allow...
CVE-2023-4625 Denial-of-Service(DoS) Vulnerability in Web server function on MELSEC Series CPU module
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period...
Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3. ATTENTION: Exploitable remotely/low attack complexity. Equipment: MELSEC iQ-F/iQ-R Series. Vulnerability: Improper Restriction of Excessive Authentication Attempts. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
Mitsubishi Electric MELSEC Series CPU Module Buffer Copy Without Checking Size of Input (CVE-2023-1424)
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending special...
Mitsubishi Electric MELSEC Series CPU module (Update D)
1. EXECUTIVE SUMMARY CVSS v3 10.0. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric Corporation. Equipment: MELSEC Series CPU module. Vulnerability: Classic Buffer Overflow. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...
CVE-2022-25164
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result,...
Information disclosure
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result,...
CVE-2022-25164
CVE-2022-25164 is a cleartext storage vulnerability affecting Mitsubishi Electric GX Works3 (versions 1.000A–1.095Z) and MX OPC UA Module Configurator-R (1.08J and earlier). Root cause: sensitive data stored in cleartext, enabling remote, unauthenticated disclosure and potential access to MELSEC ...
Design/Logic Flaw
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell...
CVE-2022-30315
CVE-2022-30315 affects Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06. The vulnerability stems from the unauthenticated Safety Builder protocol used to download control logic (block-by-block FLD code) to the CPU module, with no cryptographic authentication or memory protect...