Page 31 of 155 results (0.011 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-9634 – Mitsubishi Electric E-Designer Symbol xSize Out-Of-Bounds Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2017-9634

Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer, Version 7.52 Build 344, contiene dos secciones de código que podrían ser explotadas para permitir que un atacante sobrescriba ubicaciones de memoria arbitrarias. Esto puede resultar en la ejecución de código arbitrario, el compromiso de la integridad de los datos, denegación de servicio (DoS) y cierre inesperado del sistema. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. • http://www.securityfocus.com/bid/100097 https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01 • CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-9636 – Mitsubishi Electric E-Designer BEMatsushita Driver Configuration TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2017-9636

Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. Mitsubishi E-Designer, Version 7.52 Build 344, contiene cinco secciones de código que podrían ser explotadas para sobrescribir la memoria dinámica (heap). Esto puede resultar en la ejecución de código arbitrario, el compromiso de la integridad de los datos, denegación de servicio (DoS) y cierre inesperado del sistema. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mitsubishi Electric E-Designer. • http://www.securityfocus.com/bid/100097 https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2016-8370

https://notcve.org/view.php?id=CVE-2016-8370

An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. Ha sido descubierto un problema en las series Mitsubishi Electric Automation MELSEC-Q en módulos de interfaz Ethernet QJ71E71-100, todas las versiones, QJ71E71-B5, todas las versiones y QJ71E71-B2, todas las versiones. Las contraseñas cifradas débilmente son transmitidas a un MELSEC-Q PLC. • http://www.securityfocus.com/bid/94632 https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 0

CVE-2016-8368

https://notcve.org/view.php?id=CVE-2016-8368

An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. Ha sido descubierto un problema en las series Mitsubishi Electric Automation MELSEC-Q en módulos de interfaz Ethernet QJ71E71-100, todas las versiones, QJ71E71-B5, todas las versiones y QJ71E71-B2, todas las versiones. El módulo de interfaz Ethernet afectado está conectado a MELSEC-Q PLC, lo que puede permitir a un atacante remoto conectarse al PLC a través de Port 5002/TCP y provocar una denegación de servicio, requiriendo que el PLC sea reseteado para continuar operando. • http://www.securityfocus.com/bid/94632 https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03 • CWE-662: Improper Synchronization •

CVSS: 9.3EPSS: 64%CPEs: 1EXPL: 1

CVE-2013-2817 – Mitsubishi MC-WorkX 8.02 - ActiveX Control 'IcoLaunch' File Execution

https://notcve.org/view.php?id=CVE-2013-2817

An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. Un control ActiveX en IcoLaunch.dll en Mitsubishi Electric Automation MC-WorX Suite 8.02 permite a atacantes remotos asistidos por usuario ejecutar programas arbitrarios a través de un documento HTML manipulado en conjunto con un click del botón Login Client. • https://www.exploit-db.com/exploits/28284 http://ics-cert.us-cert.gov/advisories/ICSA-14-051-02 http://www.meau.com/eprise/main/sites/public/Products/Software/-MC_Works • CWE-94: Improper Control of Generation of Code ('Code Injection') •