259 matches found
CVE-2022-25158
The CVE-2022-25158 vulnerability affects Mitsubishi Electric MELSEC iQ-F series FX5U(C) and FX5UJ; iQ-R series (R00/01/02, R04/08/16/32/120(EN), R08/16/32/120SF/PCPU, RJ71 variants, etc.); Q/L series (Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU, Q03/04/06/13/26UDV/UDPVCPU, etc.); L series (L02/06...
CVE-2022-25159
CVE-2022-25159 describes an Authentication Bypass by Capture-replay affecting Mitsubishi Electric MELSEC iQ-F and iQ-R/Q/L series (FX5U, FX5UJ, R00/01/02, R04/08/16/32/120(EN), R08/16/32/120SF, R16/32/64MT, RJ71C24(-R2/R4), RJ71EN71, RJ72GF15-T2, Q03/04/06/13/26UDV, Q04/06/13/26UDPV, QJ71C24N(-R2...
CVE-2022-25157
CVE-2022-25157 affects Mitsubishi Electric MELSEC iQ-F/R/Q/L series (e.g., FX5U/FX5UJ, R00/01/02/04/08/16/32/120, Q, L lines and related RJ/J/Q modules). The vulnerability arises from using a password hash instead of the actual password for authentication, enabling a remote, unauthenticated attac...
CVE-2022-25156
The CVE-2022-25156 entry concerns Mitsubishi Electric FA products (MELSEC iQ-F FX5U(C)/FX5UJ, iQ-R, Q, L series variants and related RJ71/RJ72 modules) where a weak password hash enables a remote, unauthenticated login by replaying or reversing an eavesdropped password hash. The issue stems from ...
CVE-2022-25155
CVE-2022-25155 affects Mitsubishi Electric MELSEC iQ-F/R series and related Q/L families. It enables a remote unauthenticated attacker to log in by replaying an eavesdropped password hash, due to use of a password hash instead of the actual password for authentication. Affected products include F...
Mitsubishi Electric FA Products
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: FA products Vulnerabilities: Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, Authentication Bypass by Capture-replay...
Mitsubishi Electric MELSEC iQ-R Improper Neutralization of Argument Delimiters in a Command (CVE-2020-5657)
Improper neutralization of argument delimiters in a command 'Argument Injection' vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Modul...
Mitsubishi Electric MELSEC iQ-R Series Cleartext Transmission of Sensitive Information (CVE-2021-20599)
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentia...
Mitsubishi Electric MELSEC iQ-R Null Pointer Dereference (CVE-2020-5655)
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before,...
Mitsubishi Electric MELSEC iQ-R Series C Controller Module Uncontrolled Resource Consumption (CVE-2021-20600)
Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service DoS condition by sending a large number of packets in a short time while the module starting up. System reset is required for...
Mitsubishi Electric MELSEC iQ-R Resource Management Errors (CVE-2020-5658)
Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before,...
Mitsubishi Electric MELSEC iQ-R Session Fixation (CVE-2020-5654)
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96...
Mitsubishi Electric MELSEC iQ-R Improper Access Control (CVE-2020-5656)
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before,...
Mitsubishi Electric MELSEC iQ-R Series Uncontrolled Resource Consumption (CVE-2020-5666)
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120ENCPU Firmware versions from '35' to '51' allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may...
Mitsubishi Electric MELSEC iQ-R Series Uncontrolled Resource Consumption (CVE-2020-5668)
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 EN CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier,...
Mitsubishi Electric MELSEC iQ-R Series Insufficiently Protected Credentials (CVE-2021-20597)
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining...
Mitsubishi Electric MELSEC iQ-R Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2020-5653)
Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 Hi...
Mitsubishi Electric MELSEC iQ-R, Q and L Series Uncontrolled Resource Consumption (CVE-2020-5652)
Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 EN CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU...
Mitsubishi Electric MELSEC iQ-R Series Uncontrolled Resource Consumption (CVE-2020-13238)
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to...
Mitsubishi Electric MELSEC iQ-R Series Uncontrolled Resource Consumption (CVE-2020-16850)
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to...