CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8403 – Denial-of-Service Vulnerability in Ethernet port on MELSEC iQ-F Ethernet Module and EtherNet/IP Module
https://notcve.org/view.php?id=CVE-2024-8403
Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 and later and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets. • https://jvn.jp/vu/JVNVU97790713 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-009_en.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-24-324-01 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7587 – Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64 and MC Works64
https://notcve.org/view.php?id=CVE-2024-7587
Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64. • https://jvn.jp/vu/JVNVU95548104 https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdf • CWE-276: Incorrect Default Permissions •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1574
https://notcve.org/view.php?id=CVE-2024-1574
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system. El uso de entrada controlada externamente para seleccionar clases o vulnerabilidad de código ("Reflejo inseguro") en la función de licencia de ICONICS GENESIS64 versiones 10.97 a 10.97.2, Mitsubishi Electric GENESIS64 versiones 10.97 a 10.97.2 y Mitsubishi Electric MC Works64 todas las versiones permite una un atacante local ejecute un código malicioso con privilegios administrativos manipulando un archivo específico que no está protegido por el sistema. • https://jvn.jp/vu/JVNVU98894016 https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1573
https://notcve.org/view.php?id=CVE-2024-1573
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: * Active Directory is used in the security setting. * “Automatic log in” option is enabled in the security setting. * The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account. * The IcoAnyGlass IIS Application Pool account is included in GENESIS64TM and MC Works64 Security and has permission to log in. Vulnerabilidad de autenticación incorrecta en la función de monitoreo móvil de ICONICS GENESIS64 versiones 10.97 a 10.97.2, Mitsubishi Electric GENESIS64 versiones 10.97 a 10.97.2 y Mitsubishi Electric MC Works64 todas las versiones permite que un atacante remoto no autenticado omita la autenticación adecuada e inicie sesión en el sistema cuando Se cumplen todas las condiciones siguientes: * Se utiliza Active Directory en la configuración de seguridad. * La opción "Inicio de sesión automático" está habilitada en la configuración de seguridad. * El grupo de aplicaciones IcoAnyGlass IIS se ejecuta en una cuenta de dominio de Active Directory. * La cuenta del grupo de aplicaciones IcoAnyGlass IIS está incluida en GENESIS64TM y MC Works64 Security y tiene permiso para iniciar sesión. • https://jvn.jp/vu/JVNVU98894016 https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf • CWE-287: Improper Authentication •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-1182
https://notcve.org/view.php?id=CVE-2024-1182
Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64 and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature. Vulnerabilidad no controlada del elemento de ruta de búsqueda en ICONICS GENESIS64 todas las versiones, Mitsubishi Electric GENESIS64 todas las versiones y Mitsubishi Electric MC Works64 todas las versiones permite a un atacante local ejecutar un código malicioso almacenando una DLL especialmente manipulada en una carpeta específica cuando GENESIS64 y MC Works64 están instalados con el agente buscapersonas en la función de notificación de alarma de múltiples agentes. • https://jvn.jp/vu/JVNVU98894016 https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf • CWE-427: Uncontrolled Search Path Element •