CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on April 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series Improper Resource Shutdown or Release (CVE-2022-33324)

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions 32 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Firmware versions 65 and prior, Mitsubishi Electric Corporation MELSEC iQ...

CVE-2023-0457

CVE-2023-0457 affects Mitsubishi Electric MELSEC iQ-F/R/Q/L series (including FX5U, FX5UJ, FX5S, FX5-ENET, FX5-ENET/IP and related iQ-R/Q/L variants). The vulnerability is a plaintext storage of a password in project files, enabling a remote, unauthenticated attacker to disclose plaintext credent...

Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R Improper Input Validation (CVE-2022-25163)

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number 24061 or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number 24061 or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware...

Mitsubishi Electric Multiple Factory Automation Products (Update D)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch, MELSEC iQ-R Series OPC UA Server Module Vulnerabilities: Infinite Loop, OS Command Injection 2...

CVE-2022-40267 Authentication Bypass Vulnerability in Web Server Function on MELSEC Series

Predictable Seed in Pseudo-Random Number Generator PRNG vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z...

Mitsubishi Electric MELSEC iQ-F, iQ-R Series

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F and iQ-R Series products Vulnerability: Predictable Seed in Pseudo-Random Number Generator PRNG 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the...

CVE-2022-33324

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSE...

CVE-2022-33324

CVE-2022-33324 affects Mitsubishi Electric MELSEC iQ-R series (R00/01/02 CPU up to 32), R04/R08/R16/R32 CPUs up to 65, R120 EN, R12CCPU-V up to 17, MELSEC iQ-L series (L04/L08/L16/L32H) up to 05, and MELIPC MI5122-VW up to 07. Verizon: remote unauthenticated attacker can cause a Denial of Service...

CVE-2022-33324 Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSE...

PT-2022-21771 · Mitsubishi · Melsec Iq-R Series R12Ccpu-V +5

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions 32 and prior Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Firmware versions 65 and prior Mitsubishi Electric Corporation MELSEC iQ-R...

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update E)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R, iQ-L Series and MELIPC Series Vulnerability : Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Mitsubishi Electric MELSEC iQ-R Series Improper Input Validation (CVE-2022-40265)

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version 65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version 65 and prior allows a remote unauthenticated attacker to...

Mitsubishi Electric FA Engineering Software (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works3, MX OPC UA Module Configurator-R Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials,...

Mitsubishi Electric Corporation MELSEC iQ-R Series Input Validation Error Vulnerability

The MELSEC iQ-R series is a programmable logic controller developed by Mitsubishi Electric Corporation. An input validation error vulnerability exists in the MELSEC iQ-R Series network component firmware version 65 and earlier versions, which can be exploited by an unauthenticated, remote attacke...

Mitsubishi Electric MELSEC iQ-R Series

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker...

CVE-2022-40265

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker...

Input validation

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker...

CVE-2022-40265

CVE-2022-40265 affects Mitsubishi Electric MELSEC iQ-R Series RJ71EN71 firmware versions prior to 65 and MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part firmware prior to 65. The vulnerability is caused by improper input validation, enabling a remote unauthenticated attacker to trigger a de...

CVE-2022-40265 Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker...