Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mitsubishielectric Subscribe
Filtered by product R08sfcpu
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20597 1 Mitsubishielectric 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more 2022-10-14 6.4 MEDIUM 9.1 CRITICAL
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.
CVE-2021-20594 1 Mitsubishielectric 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more 2022-10-14 5.0 MEDIUM 7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names.
CVE-2021-20599 1 Mitsubishielectric 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more 2022-10-14 5.0 MEDIUM 7.5 HIGH
Cleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.
CVE-2020-5668 1 Mitsubishielectric 56 R00cpu, R00cpu Firmware, R01cpu and 53 more 2022-04-29 7.8 HIGH 7.5 HIGH
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, and RJ71GN11-T2 firmware version '11' and earlier) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the unit by receiving a specially crafted SLMP packet
CVE-2021-20598 1 Mitsubishielectric 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more 2021-08-27 5.0 MEDIUM 5.3 MEDIUM
Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password.
CVE-2020-16850 1 Mitsubishielectric 38 R00cpu, R00cpu Firmware, R01cpu and 35 more 2021-07-21 7.8 HIGH 7.5 HIGH
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
CVE-2021-20591 1 Mitsubishielectric 40 R00cpu, R00cpu Firmware, R01cpu and 37 more 2021-06-22 7.8 HIGH 7.5 HIGH
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.