11 results (0.011 seconds)

CVSS: 10.0EPSS: 0%CPEs: 432EXPL: 0

Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. Vulnerabilidad de verificación insuficiente de autenticidad de datos en los módulos principales Mitsubishi Electric Corporation MELSEC-F Series y en los módulos de MELSEC iQ-F Series CPU permite a un atacante remoto no autenticado restablecer la memoria de los productos al estado predeterminado de fábrica y provocar Denegación de Servicio (DoS) condición de los productos mediante el envío de paquetes específicos. Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely. • https://jvn.jp/vu/JVNVU94620134 https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-013_en.pdf • CWE-306: Missing Authentication for Critical Function CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 5.3EPSS: 0%CPEs: 126EXPL: 0

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login. Vulnerabilidad de restricción inadecuada de intentos de autenticación excesivos en los módulos de Mitsubishi Electric Corporation MELSEC iQ-F Series CPU, la función de servidor web permite a un atacante remoto no autenticado evitar que usuarios legítimos inicien sesión en la función de servidor web durante un cierto período después de que el atacante haya intentado iniciar sesión ilegalmente al intentar continuamente iniciar sesión sin autorización en la función del servidor web. El impacto de esta vulnerabilidad persistirá mientras el atacante continúe intentando iniciar sesión sin autorización. • https://jvn.jp/vu/JVNVU94620134 https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdf • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0

Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server. • https://jvn.jp/vu/JVNVU93891523/index.html https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •

CVSS: 9.1EPSS: 0%CPEs: 106EXPL: 0

Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers. • https://jvn.jp/vu/JVNVU99673580/index.html https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) •

CVSS: 5.9EPSS: 0%CPEs: 32EXPL: 0

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system. Vulnerabilidad de almacenamiento de texto claro de información sensible en la CPU de la serie MELSEC iQ-F de Mitsubishi Electric FX5U(C) todas las versiones, la CPU de la serie MELSEC iQ-F de Mitsubishi Electric FX5UJ todas las versiones, la CPU de la serie MELSEC iQ-R de Mitsubishi Electric R00/01/02CPU todas las versiones, la CPU de la serie MELSEC iQ-R de Mitsubishi Electric R04/08/16/32/120(ES)todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120SFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R08/16/32/120PSFCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie R16/32/64MTCPU todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71C24(-R2/R4) todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ71EN71 todas las versiones, Mitsubishi Electric MELSEC iQ-R serie RJ72GF15-T2 todas las versiones, Mitsubishi Electric MELSEC Q serie Q03/04/06/13/26UDVCPU todas las versiones, Mitsubishi Electric MELSEC Q serie Q04/06/13/26UDPVCPU todas las versiones, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) todas las versiones y Mitsubishi Electric MELSEC Q series QJ71E71-100 todas las versiones permite a un atacante remoto no autenticado revelar un archivo en el producto de un usuario legítimo utilizando información en texto claro previamente escuchada y falsificar el sistema de un usuario legítimo • https://jvn.jp/vu/JVNVU96577897/index.html https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf • CWE-312: Cleartext Storage of Sensitive Information •