CVE-2019-10972
https://notcve.org/view.php?id=CVE-2019-10972
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted.
• https://www.us-cert.gov/ics/advisories/icsa-19-204-01
• CWE-400: Uncontrolled Resource Consumption
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2019-10976
https://notcve.org/view.php?id=CVE-2019-10976
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files.
• https://www.us-cert.gov/ics/advisories/icsa-19-204-01
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2019-10977
https://notcve.org/view.php?id=CVE-2019-10977
In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition.
• http://www.securityfocus.com/bid/108419
• https://ics-cert.us-cert.gov/advisories/ICSA-19-141-02
• CWE-400: Uncontrolled Resource Consumption
• CWE-755: Improper Handling of Exceptional Conditions
CVE-2019-6535
https://notcve.org/view.php?id=CVE-2019-6535
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash.
• http://www.securityfocus.com/bid/106771
• https://ics-cert.us-cert.gov/advisories/ICSA-19-029-02
• CWE-400: Uncontrolled Resource Consumption
CVE-2017-9638 – Mitsubishi Electric E-Designer BECMpi Driver Configuration ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-9638
Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer.
• http://www.securityfocus.com/bid/100097
• https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow