MEIKYO ELECTRIC CO.,LTD. Security Vulnerabilities
Mitsubishi Electric FA Products Use of Weak Hash (CVE-2022-25156)
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password.....
8.3AI Score
Mitsubishi Electric MELSEC iQ-R Null Pointer Dereference (CVE-2020-5655)
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before,...
7.8AI Score
Mitsubishi Electric MELSEC iQ-R Resource Management Errors (CVE-2020-5658)
Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before,.....
7.8AI Score
OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier,...
8.8CVSS
8.8AI Score
0.001EPSS
Mitsubishi Electric MELSEC iQ-R Improper Access Control (CVE-2020-5656)
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before,...
9.7AI Score
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...
6.5AI Score
0.0004EPSS
SQL Injection Vulnerability in Ruiyou Tianyi Application Virtualization System
Xi'an Ruiyou Information Technology Co., Ltd. is a professional virtualization and cloud computing solution provider. A SQL injection vulnerability exists in Ruiyou Skywing Application Virtualization System, which can be exploited by attackers to obtain database information and execute...
7.9AI Score
Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations. Talos has partnered with CISA on several initiatives through the Joint Cyber Defense...
7.4AI Score
U.S. Charges Russian Man as Boss of LockBit Ransomware Group
The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using Lockbit to attack....
6.8AI Score
Arbitrary File Download Vulnerability in DSS of Zhejiang Dahua Technology Co.(CNVD-2024-10023)
Zhejiang Dahua Technology Co., Ltd. is a supplier of surveillance products and solution service provider. Zhejiang Dahua Technology Co., Ltd DSS has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive...
7AI Score
Fedora 40 : kernel (2024-010fe8772a)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-010fe8772a advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...
6.5AI Score
Mitsubishi Electric MELSEC iQ-R Series Improper Input Validation (CVE-2022-40265)
Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version 65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version 65 and prior allows a remote unauthenticated attacker to...
7.6AI Score
Mitsubishi Electric FA Products Authentication Bypass By Capture-Replay (CVE-2022-25159)
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack. This plugin only works with.....
8.2AI Score
Mitsubishi Electric MELSEC iQ-R Series Uncontrolled Resource Consumption (CVE-2020-5668)
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier,...
7.7AI Score
Mitsubishi Electric FA Products Cleartext Storage of Sensitive Information (CVE-2022-25160)
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using...
6.1AI Score
Fedora 39 : kernel (2024-bc0db39a14)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc0db39a14 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...
6.4AI Score
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...
6.4AI Score
0.0004EPSS
Schneider Electric Modicon Ethernet Serial RTU Improper Access Control (CVE-2019-6810)
CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. This plugin only works with Tenable.ot. Please visit...
9AI Score
Schneider Electric Modicon M221 Permissions, Privileges, and Access Controls (CVE-2018-7791)
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits...
9.6AI Score
Schneider Electric Modicon PLCs Use of Insufficiently Random Values (CVE-2017-6026)
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and....
9.2AI Score
Schneider Electric Modicon M221 Permissions, Privileges, and Access Controls (CVE-2018-7792)
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table. This plugin only works with Tenable.ot.....
7.7AI Score
Mitsubishi Electric MELSEC and MELIPC Series Improper Input Validation (CVE-2021-20611)
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions 24 and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions 57 and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions.....
7.6AI Score
Mitsubishi Electric FA Products Cleartext Storage of Sensitive Information (CVE-2022-25158)
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext....
9.4AI Score
Mitsubishi Electric MELSEC iQ-R Series Uncontrolled Resource Consumption (CVE-2021-20591)
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated....
7.6AI Score
Mitsubishi Electric MELSEC and MELIPC Series Uncontrolled Resource Consumption (CVE-2021-20609)
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions 24 and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions 57 and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware...
7.6AI Score
Mitsubishi Electric MELSEC-Q Series PLCs Uncontrolled Resource Consumption (CVE-2019-6535)
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet...
7.6AI Score
Schneider Electric Modicon Controllers Use of Insufficiently Random Values (CVE-2019-6821)
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum. This plugin only...
6.6AI Score
Mitsubishi Electric MELSEC iQ-R Series Uncontrolled Resource Consumption (CVE-2020-13238)
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to...
7.5AI Score
Mitsubishi Electric MELSEC iQ-R Series Uncontrolled Resource Consumption (CVE-2020-16850)
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to...
7.4AI Score
Mitsubishi Electric MELSEC iQ-R Series Uncontrolled Resource Consumption (CVE-2020-5666)
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which...
7.6AI Score
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.6AI Score
0.0004EPSS
Fedora 38 : kernel (2024-f35f9525d6)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f35f9525d6 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...
6.4AI Score
Webin security lab - dbapp security Ltd reports : The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio...
6.5AI Score
Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'VirusChecker' or 'ThreatChecker' feature). If data containing malware is saved in a specific file...
7.2AI Score
0.0004EPSS
electric-ray.com Improper Access Control vulnerability OBB-3798101
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Schneider Electric Modicon PLCs Predictable Value Range From Previous Values (CVE-2017-6030)
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected...
6.8AI Score
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack.....
9.2AI Score
Mitsubishi Electric MELSEC-F Series Authentication Bypass By Capture-Replay (CVE-2023-2846)
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets. This plugin only works with....
9.4AI Score
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. This plugin...
7.1AI Score
In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of- service condition. This plugin only works with...
7.6AI Score
Mitsubishi Electric Multiple Products Predictable Exact Value From Previous Values (CVE-2020-16226)
Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
9.8AI Score
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
5.3CVSS
7.4AI Score
0.0004EPSS
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
5.3CVSS
7.1AI Score
0.0004EPSS
CVE-2023-1424 Denial-of-Service and Remote Code Execution Vulnerability in MELSEC Series CPU module
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code.....
7.3AI Score
0.004EPSS
Schneider Electric Modicon M221 Improper Check For Unusual or Exceptional Conditions (CVE-2018-7789)
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.....
7.5AI Score
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...
7.1AI Score
0.0004EPSS
Schneider Electric Web Server on Modicon M340 Out-of-Bounds Read (CVE-2020-7562)
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file....
8.4AI Score
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and...
9.7AI Score
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using...
7.6AI Score