Lucene search
K

207 matches found

BDU FSTEC
BDU FSTEC
added 2024/04/16 12:0 a.m.4 views

The vulnerability of the microprogrammed software of the MELSEC iQ-R Series Safety CPU and Series SIL2 Process CPU modules, related to incorrect privilege assignment, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the microprogramming software for MELSEC iQ-R Series Safety CPUs and Series SIL2 Process CPUs is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information usi...

6.8CVSS6.5AI score0.00697EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.5 views

PT-2024-2052 · Mitsubishi · Melsec Iq-R Series Cpu Modules +23

Name of the Vulnerable Software and Affected Versions: MELSEC iQ-R series CPU module affected versions not specified MELSEC iQ-L series CPU module affected versions not specified MELSEC iQ-R Ethernet Interface Module affected versions not specified MELSEC iQ-R CC-Link IE TSN Master/Local Module...

5.3CVSS6.7AI score0.00854EPSS
Exploits0References10
NVD
NVD
added 2024/02/13 7:15 a.m.59 views

CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

6.5CVSS6.2AI score0.00697EPSS
Exploits0References3
Prion
Prion
added 2024/02/13 7:15 a.m.16 views

Privilege escalation

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

4CVSS7AI score0.00697EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/13 6:27 a.m.11 views

CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

6.5CVSS6.6AI score0.00697EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/13 6:27 a.m.55 views

CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

6.5CVSS6.4AI score0.00697EPSS
Exploits0References3
CVE
CVE
added 2024/02/13 6:27 a.m.50 views

CVE-2023-6815

CVE-2023-6815 affects Mitsubishi Electric MELSEC iQ-R Series Safety CPU (R08SFCPU, R16SFCPU, R32SFCPU, R120SFCPU) and SIL2 Process CPU (R08PSFCPU, R16PSFCPU, R32PSFCPU, R120PSFCPU) across all versions. The vulnerability is an Incorrect Privilege Assignment that lets a remote, authenticated non-ad...

6.5CVSS6.2AI score0.00697EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.29 views

Mitsubishi Electric MELSEC iQ-R series 安全漏洞

The Mitsubishi Electric MELSEC iQ-R series is a programmable logic controller from Mitsubishi Electric Japan. The Mitsubishi Electric MELSEC iQ-R series suffers from an information disclosure vulnerability that can be exploited by an authenticated, remote attacker to log in to the product and...

6.5CVSS6.2AI score0.00697EPSS
Exploits0References4
ICS
ICS
added 2023/12/07 7:0 a.m.35 views

Mitsubishi Electric FA Engineering Software Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor : Mitsubishi Electric Equipment : MELIPC , MELSEC iQ-R, and MELSEC Q Series Vulnerabilities : Processor Optimization Removal or Modification of Security-Critical Code, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these...

5.5CVSS6.2AI score0.00343EPSS
Exploits0References10
ICS
ICS
added 2023/11/02 6:0 a.m.44 views

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Equipment : MELSEC iQ-F/iQ-R Series Vulnerability : Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...

5.3CVSS5.3AI score0.00942EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/06/30 12:0 a.m.19 views

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Unrestricted Upload of File with Dangerous Type (CVE-2023-2063)

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tamperin...

7.3CVSS7.3AI score0.00607EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/06/30 12:0 a.m.26 views

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Weak Password Requirements (CVE-2023-2060)

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or passwo...

7.5CVSS7.8AI score0.0084EPSS
Exploits0References4
ICS
ICS
added 2023/06/06 6:0 a.m.54 views

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missin...

7.5CVSS7.9AI score0.0084EPSS
Exploits0References10
NVD
NVD
added 2023/06/02 5:15 a.m.20 views

CVE-2023-2061

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via F...

7.5CVSS6.9AI score0.00549EPSS
Exploits0References2
NVD
NVD
added 2023/06/02 5:15 a.m.17 views

CVE-2023-2062

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/...

6.2CVSS6.8AI score0.00331EPSS
Exploits0References3
NVD
NVD
added 2023/06/02 5:15 a.m.22 views

CVE-2023-2060

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or passwo...

7.5CVSS7.7AI score0.0084EPSS
Exploits0References2
Prion
Prion
added 2023/06/02 5:15 a.m.23 views

Default credentials

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or passwo...

5CVSS7.6AI score0.0084EPSS
Exploits0References2
Prion
Prion
added 2023/06/02 5:15 a.m.16 views

Hardcoded credentials

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via F...

5CVSS7.6AI score0.00549EPSS
Exploits0References2
Prion
Prion
added 2023/06/02 5:15 a.m.16 views

Authentication flaw

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/...

2.1CVSS6.8AI score0.00331EPSS
Exploits0References2
Prion
Prion
added 2023/06/02 5:15 a.m.24 views

Design/Logic Flaw

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tamperin...

7.5CVSS7.2AI score0.00607EPSS
Exploits0References2
Rows per page
Query Builder