CVSS: 9.4EPSS: 0%CPEs: 72EXPL: 0CVE-2025-3755 – Information Disclosure and Denial-of-Service(DoS) Vulnerability in MELSEC iQ-F Series CPU module
https://notcve.org/view.php?id=CVE-2025-3755
29 May 2025 — Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery. • https://jvn.jp/vu/JVNVU94070048 • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0921 – Information Tampering Vulnerability in Multi-agent Notification Feature of GENESIS64 and MC Works64
https://notcve.org/view.php?id=CVE-2025-0921
15 May 2025 — Execution with Unnecessary Privileges vulnerability in the Pager agent of multi-agent notification feature in Mitsubishi Electric Iconics Digital Solutions GENESIS64 prior to 10.97.3, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the a... • https://jvn.jp/vu/JVNVU93838985 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 5.9EPSS: 0%CPEs: 35EXPL: 0CVE-2025-3511
https://notcve.org/view.php?id=CVE-2025-3511
25 Apr 2025 — Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module and CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets. • https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9852 – Malicious Code Execution Vulnerability in GENESIS64 and MC Works64
https://notcve.org/view.php?id=CVE-2024-9852
28 Nov 2024 — Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. • https://jvn.jp/vu/JVNVU93891820 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8300 – Malicious Code Execution Vulnerability in GENESIS64
https://notcve.org/view.php?id=CVE-2024-8300
28 Nov 2024 — Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. • https://jvn.jp/vu/JVNVU93891820 • CWE-561: Dead Code •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8299 – Malicious Code Execution Vulnerability in GENESIS64 and MC Works64
https://notcve.org/view.php?id=CVE-2024-8299
28 Nov 2024 — Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. • https://jvn.jp/vu/JVNVU93891820 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8403 – Denial-of-Service Vulnerability in Ethernet port on MELSEC iQ-F Ethernet Module and EtherNet/IP Module
https://notcve.org/view.php?id=CVE-2024-8403
19 Nov 2024 — Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 and later and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets. • https://jvn.jp/vu/JVNVU97790713 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7587 – Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64 and MC Works64
https://notcve.org/view.php?id=CVE-2024-7587
22 Oct 2024 — Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is insta... • https://jvn.jp/vu/JVNVU95548104 • CWE-276: Incorrect Default Permissions •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1574
https://notcve.org/view.php?id=CVE-2024-1574
04 Jul 2024 — Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system. El uso de entrada controlada externamente para seleccionar clases o vulnerabilidad d... • https://jvn.jp/vu/JVNVU98894016 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1573
https://notcve.org/view.php?id=CVE-2024-1573
04 Jul 2024 — Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: * Active Directory is used in the security setting. * “Automatic log in” option is enabled in the security setting. * The IcoAnyGlass IIS Applica... • https://jvn.jp/vu/JVNVU98894016 • CWE-287: Improper Authentication •