207 matches found
CVE-2023-2061
CVE-2023-2061 describes an authentication bypass in Mitsubishi Electric MELSEC iQ-R Series RJ71EIP91 and iQ-F Series FX5-ENET/IP EtherNet/IP modules due to use of hard-coded credentials in the FTP function. The underlying cause is a hard-coded password that permits remote unauthenticated FTP acce...
Mitsubishi Electric MELSEC 信任管理问题漏洞
The Mitsubishi Electric MELSEC iQ-R series and the Mitsubishi Electric MELSEC iQ-F series are both programmable logic controllers from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC that stems from the use of hard-coded passwords. An attacker could...
PT-2023-2998 · Mitsubishi · Melsec Iq-R Series Ethernet/Ip Module Rj71Eip91 +1
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 affected versions not specified Mitsubishi Electric Corporation MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP affected versions not specified Description: The...
Mitsubishi Electric 多款产品安全漏洞
The Mitsubishi Electric MELSEC iQ-R series and the Mitsubishi Electric MELSEC iQ-F series are both programmable logic controllers from Mitsubishi Electric Japan. A security vulnerability exists in several Mitsubishi Electric products, which is caused by a missing mask when entering a password fie...
PT-2023-3766 · Mitsubishi · Melsec Iq-F Series Ethernet/Ip Module Fx5-Enet/Ip +1
Name of the Vulnerable Software and Affected Versions: MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 affected versions not specified MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP affected versions not specified Description: The issue is related to an unrestricted upload of files with...
PT-2023-3007 · Mitsubishi · Melsec Iq-F Series Ethernet/Ip Module Fx5-Enet/Ip +1
Name of the Vulnerable Software and Affected Versions: MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 affected versions not specified MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP affected versions not specified Description: The issue is related to the use of hard-coded passwords in the FTP...
Buffer overflow
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service DoS condition or execute malicious code on ...
Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series Improper Resource Shutdown or Release (CVE-2022-33324)
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions 32 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Firmware versions 65 and prior, Mitsubishi Electric Corporation MELSEC iQ...
CVE-2023-0457
CVE-2023-0457 affects Mitsubishi Electric MELSEC iQ-F/R/Q/L series (including FX5U, FX5UJ, FX5S, FX5-ENET, FX5-ENET/IP and related iQ-R/Q/L variants). The vulnerability is a plaintext storage of a password in project files, enabling a remote, unauthenticated attacker to disclose plaintext credent...
Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R Improper Input Validation (CVE-2022-25163)
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number 24061 or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number 24061 or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware...
Mitsubishi Electric Multiple Factory Automation Products (Update D)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch, MELSEC iQ-R Series OPC UA Server Module Vulnerabilities: Infinite Loop, OS Command Injection 2...
CVE-2022-40267 Authentication Bypass Vulnerability in Web Server Function on MELSEC Series
Predictable Seed in Pseudo-Random Number Generator PRNG vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z...
Mitsubishi Electric MELSEC iQ-F, iQ-R Series
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F and iQ-R Series products Vulnerability: Predictable Seed in Pseudo-Random Number Generator PRNG 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the...
CVE-2022-33324
CVE-2022-33324 affects Mitsubishi Electric MELSEC iQ-R series (R00/01/02 CPU up to 32), R04/R08/R16/R32 CPUs up to 65, R120 EN, R12CCPU-V up to 17, MELSEC iQ-L series (L04/L08/L16/L32H) up to 05, and MELIPC MI5122-VW up to 07. Verizon: remote unauthenticated attacker can cause a Denial of Service...
CVE-2022-33324 Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSE...
PT-2022-21771 · Mitsubishi · Melsec Iq-R Series R12Ccpu-V +5
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions 32 and prior Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Firmware versions 65 and prior Mitsubishi Electric Corporation MELSEC iQ-R...
Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update E)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R, iQ-L Series and MELIPC Series Vulnerability : Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Mitsubishi Electric MELSEC iQ-R Series Improper Input Validation (CVE-2022-40265)
Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version 65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version 65 and prior allows a remote unauthenticated attacker to...
Mitsubishi Electric FA Engineering Software (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works3, MX OPC UA Module Configurator-R Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials,...
Mitsubishi Electric Corporation MELSEC iQ-R Series Input Validation Error Vulnerability
The MELSEC iQ-R series is a programmable logic controller developed by Mitsubishi Electric Corporation. An input validation error vulnerability exists in the MELSEC iQ-R Series network component firmware version 65 and earlier versions, which can be exploited by an unauthenticated, remote attacke...