CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 0CVE-2023-51777
https://notcve.org/view.php?id=CVE-2023-51777
02 Jul 2024 — Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error. Vulnerabilidad de denegación de servicio (DoS) en Jungo WinDriver anterior a 12.1.0 permite a atacantes locales provocar un error de pantalla azul de Windows. • https://jungo.com/windriver/versions •
CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 0CVE-2023-51778
https://notcve.org/view.php?id=CVE-2023-51778
02 Jul 2024 — Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). La vulnerabilidad de escritura fuera de los límites en Jungo WinDriver anterior a 12.1.0 permite a atacantes locales provocar un error de pantalla azul de Windows y denegación de servicio (DoS). • https://jungo.com/windriver/versions • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 3%CPEs: 10EXPL: 0CVE-2023-6943
https://notcve.org/view.php?id=CVE-2023-6943
30 Jan 2024 — Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthe... • https://jvn.jp/vu/JVNVU95103362 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-6942
https://notcve.org/view.php?id=CVE-2023-6942
30 Jan 2024 — Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentica... • https://jvn.jp/vu/JVNVU95103362 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5247
https://notcve.org/view.php?id=CVE-2023-5247
30 Nov 2023 — Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. La vulnerabilidad de ejecución de código malicioso debido al control externo del nombre o ruta del archivo en múltiples productos d... • https://jvn.jp/vu/JVNVU93383160 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4088 – Malicious Code Execution Vulnerability in FA Engineering Software Products
https://notcve.org/view.php?id=CVE-2023-4088
20 Sep 2023 — Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder. Vulnerabilidad de Permisos Predeterminados Incorrectos debido a una solución incompleta para abordar CVE-2020-14496 en los productos de so... • https://jvn.jp/vu/JVNVU96447193/index.html • CWE-276: Incorrect Default Permissions •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29833
https://notcve.org/view.php?id=CVE-2022-29833
24 Nov 2022 — Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally. Vulnerabilidad de credenciales insuficientemente protegidas en Mitsubishi Electric Corporation GX Works3 versiones 1.015R y posteriores permite que un atacante remoto no autenticado revele información sensible. Como resultado, ... • https://jvn.jp/vu/JVNVU97244961 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29832
https://notcve.org/view.php?id=CVE-2022-29832
24 Nov 2022 — Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting. Vulnerabilidad de almacenamiento de texto sin cifrar de... • https://jvn.jp/vu/JVNVU97244961 • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29831
https://notcve.org/view.php?id=CVE-2022-29831
24 Nov 2022 — Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules. El uso de la vulnerabilidad de contraseña codificada en Mitsubishi Electric Corporation GX Works3 desde la versión 1.015R hasta 1.095Z permite a un atacante remoto no autenticado obtener información sobre el archivo de proyecto para los módulos de CPU de seguridad MELSEC. • https://jvn.jp/vu/JVNVU97244961 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29830
https://notcve.org/view.php?id=CVE-2022-29830
24 Nov 2022 — Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthenticated attackers may obtain information about project files illegally. El uso de una vulnerabilidad de clave criptográfica codificada en Mitsubishi Electric GX Works3 en las versiones 1.000A hasta 1.... • https://jvn.jp/vu/JVNVU97244961/index.html • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •