
CVSS: 9.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products.

• https://jvn.jp/vu/JVNVU95403720/index.html
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01
• https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64.

• https://jvn.jp/vu/JVNVU95403720/index.html
• https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01
• https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf
• CWE-125: Out-of-bounds Read