38 matches found
Mitsubishi Electric FA Engineering Software Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Mitsubishi Electric Equipment : FA Engineering Software Products Vulnerability : External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious...
Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability
Talos Vulnerability Report TALOS-2023-1727 Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability May 26, 2023 CVE Number CVE-2023-1424 SUMMARY A memory corruption vulnerability exists in the MELSOFT Direct functionality of Mitsubishi Electric Corporation...
Mitsubishi Electric MELSOFT iQ AppPortal
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT iQ AppPortal Vulnerabilities: HTTP Request Smuggling, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these...
U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986 CVSS score: 9.8 - IBM Aspera Faspex Code...
CISA Releases Two Industrial Control Systems Advisories
CISA released two 2 Industrial Control Systems ICS advisories on February 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
Mitsubishi Electric MELSOFT iQ AppPortal
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT iQ AppPortal Vulnerabilities: Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, Infinite Loop...
CVE-2021-20607
Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open...
CVE-2021-20606
Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open...
CVE-2021-20607
CVE-2021-20607 is an integer underflow vulnerability in Mitsubishi Electric FA Engineering Software affecting GX Works2 (versions ≤ 1.606G), MELSOFT Navigator (≤ 2.84N), and EZSocket (≤ 5.4). The issue arises when processing a specially crafted project file, causing a denial-of-service in the aff...
CVE-2021-20606
CVE-2021-20606 is an out-of-bounds read vulnerability affecting Mitsubishi Electric FA Engineering Software: GX Works2 ≤ 1.606G, MELSOFT Navigator ≤ 2.84N, and EZSocket ≤ 5.4. When a user opens a malicious project file, the software may read outside the intended buffer, potentially causing a Deni...
PT-2021-14075 · Mitsubishi · Melsoft Navigator +2
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric GX Works2 versions 1.606G and prior Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior Mitsubishi Electric EZSocket versions 5.4 and prior Description: The issue allows an attacker to cause a Denial of Service...
Mitsubishi Electric FA Engineering Software (Update B)
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Vulnerabilities: Out-of-bounds Read, Integer Underflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-350-05...
WAGO M&M Software fdtCONTAINER (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik Equipment: fdtCONTAINER Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
Denial of Service Vulnerability in MITSUBISHI FX3U-ENET-L (CNVD-2020-70577)
FX3U-ENET-L has 4 communication channels. Mitsubishi PLC Ethernet Module FX3U-ENET-L supports fixed buffer storage area communication, connection to MELSOFT, communication via MC series, and e-mail delivery. When connecting to MELSOFT, remote maintenance of PLC programs can be realized through GX...
Multiple Mitsubishi Electric Products Resource Management Error Vulnerability
The Misubishi Electric MELSEC iQ-R series is a programmable logic controller from Misubishi Electric. A resource management error vulnerability exists in several Mitsubishi Electric products. An attacker could cause a denial of service by sending a large amount of data to the MELSOFT transport po...
Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port
Overview MELSOFT transmission port UDP/IP of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue CWE-400. When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does...
CVE-2020-5527
When MELSOFT transmission port UDP/IP of Mitsubishi Electric MELSEC iQ-R series all versions, MELSEC iQ-F series all versions, MELSEC Q series all versions, MELSEC L series all versions, and MELSEC F series all versions receives massive amount of data via unspecified vectors, resource consumption...
Design/Logic Flaw
When MELSOFT transmission port UDP/IP of Mitsubishi Electric MELSEC iQ-R series all versions, MELSEC iQ-F series all versions, MELSEC Q series all versions, MELSEC L series all versions, and MELSEC F series all versions receives massive amount of data via unspecified vectors, resource consumption...