Lucene search
K

38 matches found

ICS
ICS
added 2023/11/30 7:0 a.m.26 views

Mitsubishi Electric FA Engineering Software Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Mitsubishi Electric Equipment : FA Engineering Software Products Vulnerability : External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious...

7.8CVSS7.9AI score0.00261EPSS
Exploits0References10
Talos
Talos
added 2023/05/26 12:0 a.m.39 views

Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability

Talos Vulnerability Report TALOS-2023-1727 Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability May 26, 2023 CVE Number CVE-2023-1424 SUMMARY A memory corruption vulnerability exists in the MELSOFT Direct functionality of Mitsubishi Electric Corporation...

10CVSS9.2AI score0.0344EPSS
Exploits0
ICS
ICS
added 2023/02/27 8:46 p.m.70 views

Mitsubishi Electric MELSOFT iQ AppPortal

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT iQ AppPortal Vulnerabilities: HTTP Request Smuggling, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these...

9.8CVSS10AI score0.19008EPSS
Exploits2References4
The Hacker News
The Hacker News
added 2023/02/22 5:38 a.m.179 views

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986 CVSS score: 9.8 - IBM Aspera Faspex Code...

9.8CVSS1.9AI score0.99999EPSS
Exploits19
CISA
CISA
added 2023/02/21 12:0 a.m.24 views

CISA Releases Two Industrial Control Systems Advisories

CISA released two 2 Industrial Control Systems ICS advisories on February 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

2.1AI score
Exploits0References2
ICS
ICS
added 2022/05/12 12:0 a.m.97 views

Mitsubishi Electric MELSOFT iQ AppPortal

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT iQ AppPortal Vulnerabilities: Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, Infinite Loop...

9.8CVSS10AI score0.97108EPSS
Exploits5References5
OSV
OSV
added 2021/12/17 5:15 p.m.6 views

CVE-2021-20607

Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open...

5.5CVSS6.1AI score0.00932EPSS
Exploits0References3
OSV
OSV
added 2021/12/17 5:15 p.m.4 views

CVE-2021-20606

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open...

5.5CVSS6.1AI score
Exploits0References3
CVE
CVE
added 2021/12/17 4:10 p.m.65 views

CVE-2021-20607

CVE-2021-20607 is an integer underflow vulnerability in Mitsubishi Electric FA Engineering Software affecting GX Works2 (versions ≤ 1.606G), MELSOFT Navigator (≤ 2.84N), and EZSocket (≤ 5.4). The issue arises when processing a specially crafted project file, causing a denial-of-service in the aff...

5.5CVSS5.3AI score0.00932EPSS
Exploits0References3Affected Software3
CVE
CVE
added 2021/12/17 4:10 p.m.75 views

CVE-2021-20606

CVE-2021-20606 is an out-of-bounds read vulnerability affecting Mitsubishi Electric FA Engineering Software: GX Works2 ≤ 1.606G, MELSOFT Navigator ≤ 2.84N, and EZSocket ≤ 5.4. When a user opens a malicious project file, the software may read outside the intended buffer, potentially causing a Deni...

5.5CVSS5.3AI score0.00932EPSS
Exploits0References3Affected Software3
Positive Technologies
Positive Technologies
added 2021/12/17 12:0 a.m.5 views

PT-2021-14075 · Mitsubishi · Melsoft Navigator +2

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric GX Works2 versions 1.606G and prior Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior Mitsubishi Electric EZSocket versions 5.4 and prior Description: The issue allows an attacker to cause a Denial of Service...

5.5CVSS5.3AI score0.00932EPSS
Exploits0References5
ICS
ICS
added 2021/12/16 12:0 a.m.172 views

Mitsubishi Electric FA Engineering Software (Update B)

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Vulnerabilities: Out-of-bounds Read, Integer Underflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-350-05...

5.5CVSS6AI score0.00932EPSS
Exploits0References4
ICS
ICS
added 2021/01/21 12:0 a.m.64 views

WAGO M&M Software fdtCONTAINER (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik Equipment: fdtCONTAINER Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

7.8CVSS7.5AI score0.0134EPSS
Exploits0References5
CNVD
CNVD
added 2020/12/02 12:0 a.m.3 views

Denial of Service Vulnerability in MITSUBISHI FX3U-ENET-L (CNVD-2020-70577)

FX3U-ENET-L has 4 communication channels. Mitsubishi PLC Ethernet Module FX3U-ENET-L supports fixed buffer storage area communication, connection to MELSOFT, communication via MC series, and e-mail delivery. When connecting to MELSOFT, remote maintenance of PLC programs can be realized through GX...

7.2AI score
Exploits0
CNVD
CNVD
added 2020/05/22 12:0 a.m.2 views

Multiple Mitsubishi Electric Products Resource Management Error Vulnerability

The Misubishi Electric MELSEC iQ-R series is a programmable logic controller from Misubishi Electric. A resource management error vulnerability exists in several Mitsubishi Electric products. An attacker could cause a denial of service by sending a large amount of data to the MELSOFT transport po...

7.5CVSS6.7AI score0.01331EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/31 4:37 a.m.2 views

Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port

Overview MELSOFT transmission port UDP/IP of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue CWE-400. When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does...

7.5CVSS6.8AI score0.01331EPSS
Exploits0References6
NVD
NVD
added 2020/03/30 8:15 a.m.14 views

CVE-2020-5527

When MELSOFT transmission port UDP/IP of Mitsubishi Electric MELSEC iQ-R series all versions, MELSEC iQ-F series all versions, MELSEC Q series all versions, MELSEC L series all versions, and MELSEC F series all versions receives massive amount of data via unspecified vectors, resource consumption...

7.5CVSS7.5AI score0.01331EPSS
Exploits0References2
Prion
Prion
added 2020/03/30 8:15 a.m.20 views

Design/Logic Flaw

When MELSOFT transmission port UDP/IP of Mitsubishi Electric MELSEC iQ-R series all versions, MELSEC iQ-F series all versions, MELSEC Q series all versions, MELSEC L series all versions, and MELSEC F series all versions receives massive amount of data via unspecified vectors, resource consumption...

5CVSS7.5AI score0.01331EPSS
Exploits0References2
Rows per page
Query Builder