CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40268
https://notcve.org/view.php?id=CVE-2022-40268
02 Feb 2023 — Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking. • https://jvn.jp/vu/JVNVU91222434/index.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 102EXPL: 0CVE-2022-33323 – Authentication Bypass Vulnerability in Robot Controller of MELFA SD/SQ series and F-series
https://notcve.org/view.php?id=CVE-2022-33323
02 Feb 2023 — Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section. • https://jvn.jp/vu/JVNVU94588481/index.html • CWE-489: Active Debug Code •
CVSS: 9.4EPSS: 2%CPEs: 106EXPL: 0CVE-2022-40267 – Authentication Bypass Vulnerability in Web Server Function on MELSEC Series
https://notcve.org/view.php?id=CVE-2022-40267
20 Jan 2023 — Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial n... • https://jvn.jp/vu/JVNVU99673580/index.html • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) •
CVSS: 8.6EPSS: 0%CPEs: 12EXPL: 0CVE-2022-40265 – Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module
https://notcve.org/view.php?id=CVE-2022-40265
30 Nov 2022 — Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery. Vulnerabilidad de Validación de Entrada Incorrecta en Mitsubishi Electric Corporation MELSEC iQ-... • https://jvn.jp/vu/JVNVU94702422 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29833
https://notcve.org/view.php?id=CVE-2022-29833
24 Nov 2022 — Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally. Vulnerabilidad de credenciales insuficientemente protegidas en Mitsubishi Electric Corporation GX Works3 versiones 1.015R y posteriores permite que un atacante remoto no autenticado revele información sensible. Como resultado, ... • https://jvn.jp/vu/JVNVU97244961 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29832
https://notcve.org/view.php?id=CVE-2022-29832
24 Nov 2022 — Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting. Vulnerabilidad de almacenamiento de texto sin cifrar de... • https://jvn.jp/vu/JVNVU97244961 • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29831
https://notcve.org/view.php?id=CVE-2022-29831
24 Nov 2022 — Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules. El uso de la vulnerabilidad de contraseña codificada en Mitsubishi Electric Corporation GX Works3 desde la versión 1.015R hasta 1.095Z permite a un atacante remoto no autenticado obtener información sobre el archivo de proyecto para los módulos de CPU de seguridad MELSEC. • https://jvn.jp/vu/JVNVU97244961 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29830
https://notcve.org/view.php?id=CVE-2022-29830
24 Nov 2022 — Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthenticated attackers may obtain information about project files illegally. El uso de una vulnerabilidad de clave criptográfica codificada en Mitsubishi Electric GX Works3 en las versiones 1.000A hasta 1.... • https://jvn.jp/vu/JVNVU97244961/index.html • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29829
https://notcve.org/view.php?id=CVE-2022-29829
24 Nov 2022 — Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C and Motion Control Setting(GX Works3 related software) versions from 1.035M to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally. Uso de vulnerabilidad de clave criptográfica codificada en Mitsubishi ... • https://jvn.jp/vu/JVNVU97244961/index.html • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29828
https://notcve.org/view.php?id=CVE-2022-29828
24 Nov 2022 — Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project file or execute programs illegally. El uso de una vulnerabilidad de clave criptográfica codificada en las versiones 1.000A y posteriores de Mitsubishi Electric GX Works3 permite que un atacante remoto no autenticado revele información sensible. Como res... • https://jvn.jp/vu/JVNVU97244961/index.html • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •