CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5247
https://notcve.org/view.php?id=CVE-2023-5247
30 Nov 2023 — Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. La vulnerabilidad de ejecución de código malicioso debido al control externo del nombre o ruta del archivo en múltiples productos d... • https://jvn.jp/vu/JVNVU93383160 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5275
https://notcve.org/view.php?id=CVE-2023-5275
21 Nov 2023 — Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Una vulnerabilidad de validación de entrada incorrecta en la función de simulación de GX Works2 permite a un atacante provocar una condición de Denegación de Servicio (DoS) en la función mediante... • https://jvn.jp/vu/JVNVU98760962/index.html • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5274
https://notcve.org/view.php?id=CVE-2023-5274
21 Nov 2023 — Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Una vulnerabilidad de validación de entrada incorrecta en la función de simulación de GX Works2 permite a un atacante provocar una condición de Denegación de Servicio (DoS) en la función mediante... • https://jvn.jp/vu/JVNVU98760962/index.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 432EXPL: 1CVE-2023-4699 – Arbitrary Command Execution Vulnerability in Mitsubishi Electric proprietary protocol communication of multiple FA products
https://notcve.org/view.php?id=CVE-2023-4699
06 Nov 2023 — Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. Vulnerabilidad de verificación insuficiente de autenticidad de datos en los módulos principales Mitsubishi Electric Corporation MELSEC-F Series y en los módulos ... • https://github.com/Scottzxor/Citrix-Bleed-Buffer-Overread-Demo • CWE-306: Missing Authentication for Critical Function CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 0%CPEs: 126EXPL: 0CVE-2023-4625 – Denial-of-Service(DoS) Vulnerability in Web server function on MELSEC Series CPU module
https://notcve.org/view.php?id=CVE-2023-4625
06 Nov 2023 — Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unau... • https://jvn.jp/vu/JVNVU94620134 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.4EPSS: 0%CPEs: 380EXPL: 0CVE-2023-4562 – Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module
https://notcve.org/view.php?id=CVE-2023-4562
13 Oct 2023 — Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. Vulnerabilidad de autenticación incorrecta en los módulos principales de la serie MELSEC-F de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado obtenga programas de secue... • https://jvn.jp/vu/JVNVU90509290 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4088 – Malicious Code Execution Vulnerability in FA Engineering Software Products
https://notcve.org/view.php?id=CVE-2023-4088
20 Sep 2023 — Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder. Vulnerabilidad de Permisos Predeterminados Incorrectos debido a una solución incompleta para abordar CVE-2020-14496 en los productos de so... • https://jvn.jp/vu/JVNVU96447193/index.html • CWE-276: Incorrect Default Permissions •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3373
https://notcve.org/view.php?id=CVE-2023-3373
03 Aug 2023 — Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it. • https://jvn.jp/vu/JVNVU92167394/index.html • CWE-330: Use of Insufficiently Random Values CWE-342: Predictable Exact Value from Previous Values •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-0525
https://notcve.org/view.php?id=CVE-2023-0525
03 Aug 2023 — Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain pla... • https://jvn.jp/vu/JVNVU95285923/index.html • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength •
CVSS: 10.0EPSS: 1%CPEs: 42EXPL: 0CVE-2023-3346 – Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series
https://notcve.org/view.php?id=CVE-2023-3346
03 Aug 2023 — Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery. • https://jvn.jp/vu/JVNVU90352157/index.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •