Filtered by vendor Mitsubishielectric
Subscribe
Total
123 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5644 | 1 Mitsubishielectric | 6 Coreos, Gt1450-qlbde, Gt1450-qmbde and 3 more | 2020-11-20 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | |||||
CVE-2020-5646 | 1 Mitsubishielectric | 6 Coreos, Gt1450-qlbde, Gt1450-qmbde and 3 more | 2020-11-20 | 5.0 MEDIUM | 7.5 HIGH |
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | |||||
CVE-2020-5647 | 1 Mitsubishielectric | 6 Coreos, Gt1450-qlbde, Gt1450-qmbde and 3 more | 2020-11-20 | 7.5 HIGH | 9.8 CRITICAL |
Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | |||||
CVE-2020-5648 | 1 Mitsubishielectric | 6 Coreos, Gt1450-qlbde, Gt1450-qmbde and 3 more | 2020-11-20 | 6.5 MEDIUM | 9.8 CRITICAL |
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. | |||||
CVE-2020-5652 | 1 Mitsubishielectric | 102 Melsec Iq-r00cpu, Melsec Iq-r00cpu Firmware, Melsec Iq-r01cpu and 99 more | 2020-11-19 | 5.0 MEDIUM | 7.5 HIGH |
Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition . | |||||
CVE-2020-5654 | 1 Mitsubishielectric | 10 Melsec Iq-rd81dl96, Melsec Iq-rd81dl96 Firmware, Melsec Iq-rd81mes96n and 7 more | 2020-11-10 | 5.0 MEDIUM | 7.5 HIGH |
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | |||||
CVE-2020-5653 | 1 Mitsubishielectric | 10 Melsec Iq-rd81dl96, Melsec Iq-rd81dl96 Firmware, Melsec Iq-rd81mes96n and 7 more | 2020-11-10 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | |||||
CVE-2020-5655 | 1 Mitsubishielectric | 10 Melsec Iq-rd81dl96, Melsec Iq-rd81dl96 Firmware, Melsec Iq-rd81mes96n and 7 more | 2020-11-10 | 5.0 MEDIUM | 7.5 HIGH |
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | |||||
CVE-2020-5656 | 1 Mitsubishielectric | 10 Melsec Iq-rd81dl96, Melsec Iq-rd81dl96 Firmware, Melsec Iq-rd81mes96n and 7 more | 2020-11-10 | 7.5 HIGH | 9.8 CRITICAL |
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | |||||
CVE-2020-5657 | 1 Mitsubishielectric | 10 Melsec Iq-rd81dl96, Melsec Iq-rd81dl96 Firmware, Melsec Iq-rd81mes96n and 7 more | 2020-11-10 | 3.3 LOW | 6.5 MEDIUM |
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. | |||||
CVE-2020-16226 | 1 Mitsubishielectric | 186 Conveyor Tracking Application Apr-ntr12fh, Conveyor Tracking Application Apr-ntr20fh\(n\=1\,2\), Conveyor Tracking Application Apr-ntr3fh and 183 more | 2020-10-22 | 7.5 HIGH | 9.8 CRITICAL |
Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. | |||||
CVE-2019-10972 | 1 Mitsubishielectric | 1 Electric Fr Configurator2 | 2020-10-02 | 7.1 HIGH | 5.5 MEDIUM |
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted. | |||||
CVE-2019-10977 | 1 Mitsubishielectric | 2 Qj71e71-100, Qj71e71-100 Firmware | 2020-10-02 | 7.8 HIGH | 7.5 HIGH |
In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. | |||||
CVE-2020-12011 | 2 Iconics, Mitsubishielectric | 11 Bizviz, Energy Analytix, Facility Analytix and 8 more | 2020-07-29 | 7.5 HIGH | 9.8 CRITICAL |
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. | |||||
CVE-2020-12007 | 2 Iconics, Mitsubishielectric | 11 Bizviz, Energy Analytix, Facility Analytix and 8 more | 2020-07-29 | 7.5 HIGH | 9.8 CRITICAL |
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. | |||||
CVE-2020-12009 | 2 Iconics, Mitsubishielectric | 11 Bizviz, Energy Analytix, Facility Analytix and 8 more | 2020-07-29 | 5.0 MEDIUM | 7.5 HIGH |
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. | |||||
CVE-2020-12015 | 2 Iconics, Mitsubishielectric | 11 Bizviz, Energy Analytix, Facility Analytix and 8 more | 2020-07-22 | 5.0 MEDIUM | 7.5 HIGH |
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. | |||||
CVE-2020-5602 | 1 Mitsubishielectric | 20 Cpu Module Logging Configuration Tool, Cw Configurator, Em Configurator and 17 more | 2020-07-14 | 5.0 MEDIUM | 7.5 HIGH |
Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. | |||||
CVE-2020-5595 | 1 Mitsubishielectric | 4 Coreos, Got2000 Gt23, Got2000 Gt25 and 1 more | 2020-07-14 | 7.5 HIGH | 9.8 CRITICAL |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | |||||
CVE-2020-5596 | 1 Mitsubishielectric | 4 Coreos, Got2000 Gt23, Got2000 Gt25 and 1 more | 2020-07-14 | 5.0 MEDIUM | 7.5 HIGH |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. |