CVE-2021-20589
https://notcve.org/view.php?id=CVE-2021-20589
Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets. Una Vulnerabilidad de Acceso del Búfer de valor de longitud incorrecto en GOT2000 series GT27 model communication driver versiones 01.19.000 hasta 01.38.000, GT25 model communication driver versiones 01.19.000 hasta 01.38.000, GT23 model communication driver versiones 01.19.000 hasta 01.38.000 y GT21 model communication driver versiones 01.21.000 hasta 01.39.000, GOT SIMPLE series GS21 model communication driver versiones 01.21.000 hasta 01.39.000, GT SoftGOT2000 versiones 1.170C hasta 1.250L y el paquete de datos de Pantalla Tension Controller LE7-40GU-L para MODBUS/TCP versión V1.00, permite a un atacante remoto no autenticado detener la función de comunicación de los productos por medio de paquetes especialmente diseñados • https://jvn.jp/vu/JVNVU99895108/index.html https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-002_en.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3938 – Mitsubishi Melsec FX3G-24M Denial Of Service
https://notcve.org/view.php?id=CVE-2015-3938
The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. Aplicación HTTP en dispositivos Mitsubishi Electric MELSEC FX3G PLC en versiones anteriores a April 2015, permite a atacantes remotos provocar una denegación de servicio (interrupción del dispositivo) a través de un parámetro largo. Mitsubishi Melsec FX3G-24M suffers from a denial of service vulnerability. • https://ics-cert.us-cert.gov/advisories/ICSA-15-146-01 • CWE-399: Resource Management Errors •
CVE-2013-3075 – Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Heap Spray
https://notcve.org/view.php?id=CVE-2013-3075
Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control. Múltiples desbordamientos de búfer en ActUWzd.dll v1.0.0.1 en Mitsubishi MX componente 3, que distribuye en CitectFacilities Citect v7.10 y CitectSCADA v7.10r1, permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga, como lo demuestra con un valor largo de la propiedad WzTitle a un determinado ActiveX control. • https://www.exploit-db.com/exploits/24886 http://www.exploit-db.com/exploits/24886 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-5163
https://notcve.org/view.php?id=CVE-2011-5163
Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. Desbordamiento de búfer en un componente de terceros no especificado en el módulo de ejecución por lote para Schneider Electric CitectSCADA anterior a v7.20 y Mitsubishi MX4 SCADA anterior a v7.20 permite a usuarios locales ejecutar código arbitrario a través de una cadena larga en una secuencia de acceso. • http://secunia.com/advisories/46779 http://secunia.com/advisories/46786 http://www.citect.com/citectscada-batch http://www.osvdb.org/76937 http://www.securitytracker.com/id?1026306 http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=safety&scat=2&sstr=MX4%2CSCADA • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1546
https://notcve.org/view.php?id=CVE-2008-1546
servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. servlet/MIMEReceiveServlet en el controlador web para los sistemas de control de aire acondicionado Mitsubishi Electric GB-50 y GB-50A permite a atacantes remotos provocar la Denegación de Servicio (air-conditioning outage) mediante un documento XML que contiene un comando setRequest. • http://securityreason.com/securityalert/3794 http://www.securityfocus.com/archive/1/483862/2008-03-21/threaded http://www.securityfocus.com/archive/1/489970/100/0/threaded http://www.securityfocus.com/bid/28406 https://exchange.xforce.ibmcloud.com/vulnerabilities/41503 •