Mitsubishi Electric MELSEC iQ-F, iQ-R Series Predictable Seed in Pseudo-Random Number Generator (CVE-2022-40267)

Predictable Seed in Pseudo-Random Number Generator PRNG vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z...

CVE-2022-25162

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/zx=32,64,80, y=T,R, z=ES,DS,ESS,DSS with serial number 17X or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/zx=32,64,80, y=T,R, z=ES,DS,ESS,DSS with...

Mitsubishi Electric FA Products Use of Weak Hash (CVE-2022-25156)

Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password...

Mitsubishi Electric FA Products Authentication Bypass By Capture-Replay (CVE-2022-25159)

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack. This plugin only works with...

Mitsubishi Electric FA Products Cleartext Storage of Sensitive Information (CVE-2022-25160)

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previousl...

Mitsubishi Electric FA Products Cleartext Storage of Sensitive Information (CVE-2022-25158)

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext. This...

Mitsubishi Electric Multiple Products Predictable Exact Value From Previous Values (CVE-2020-16226)

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

PT-2021-12: Authentication pypass by capture-replay in FX5U(C) CPU and FX5UJ CPU modules

The vulnerability of the FX5UC CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of bypass authorization using capture-replay of intercepted parameters. Exploitation of the vulnerability may allow an attacker who has intercepted the parameters of the...

PT-2021-10: Possibility of authorization in the file password mechanism using the password hash value in the FX5U(C) CPU and FX5UJ CPU modules

The vulnerability of the FX5UC CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of using a password hash instead of a password for authentication. Exploiting the vulnerability may allow an attacker who knows the hash value of the password to perform...

PT-2021-13: Access to sensitive PLC information in FX5U(C) CPU and FX5UJ CPU modules

The vulnerability of the FX5UC CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of access to sensitive PLC information. Exploiting the vulnerability may allow an attacker who has access to the project file to obtain the values of the parameters of th...

PT-2021-15: Denial of Service when Processing File with Incorrect Header Content in FX5U(C) CPU and FX5UJ CPU modules

The vulnerability of the FX5UC CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with processing file with incorrect header content. Exploitation of the vulnerability allows an attacker to implement a Denial of Service when creating a file with a nonstandard structure and...