CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9852 – Malicious Code Execution Vulnerability in GENESIS64 and MC Works64
https://notcve.org/view.php?id=CVE-2024-9852
28 Nov 2024 — Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. • https://jvn.jp/vu/JVNVU93891820 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8300 – Malicious Code Execution Vulnerability in GENESIS64
https://notcve.org/view.php?id=CVE-2024-8300
28 Nov 2024 — Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. • https://jvn.jp/vu/JVNVU93891820 • CWE-561: Dead Code •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8299 – Malicious Code Execution Vulnerability in GENESIS64 and MC Works64
https://notcve.org/view.php?id=CVE-2024-8299
28 Nov 2024 — Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. • https://jvn.jp/vu/JVNVU93891820 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8403 – Denial-of-Service Vulnerability in Ethernet port on MELSEC iQ-F Ethernet Module and EtherNet/IP Module
https://notcve.org/view.php?id=CVE-2024-8403
19 Nov 2024 — Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 and later and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets. • https://jvn.jp/vu/JVNVU97790713 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7587 – Information Disclosure, Information Tampering and Denial of Service (DoS) Vulnerability in GENESIS64 and MC Works64
https://notcve.org/view.php?id=CVE-2024-7587
22 Oct 2024 — Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is insta... • https://jvn.jp/vu/JVNVU95548104 • CWE-276: Incorrect Default Permissions •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1574
https://notcve.org/view.php?id=CVE-2024-1574
04 Jul 2024 — Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system. El uso de entrada controlada externamente para seleccionar clases o vulnerabilidad d... • https://jvn.jp/vu/JVNVU98894016 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1573
https://notcve.org/view.php?id=CVE-2024-1573
04 Jul 2024 — Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: * Active Directory is used in the security setting. * “Automatic log in” option is enabled in the security setting. * The IcoAnyGlass IIS Applica... • https://jvn.jp/vu/JVNVU98894016 • CWE-287: Improper Authentication •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-1182
https://notcve.org/view.php?id=CVE-2024-1182
04 Jul 2024 — Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64 and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature. Vulnerabilidad no controlada del elemento de ruta de búsqueda en ICONICS GENESIS64 todas las versiones, Mitsubishi Elec... • https://jvn.jp/vu/JVNVU98894016 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 163EXPL: 0CVE-2023-7033
https://notcve.org/view.php?id=CVE-2023-7033
27 Feb 2024 — Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack. Vulnerabilidad de grupo de recursos insuficiente en la función Ethernet de los módulos de CPU de la serie MELSEC iQ-F de Mitsubishi Electric Corporation permite que un atacante remoto cause una condición... • https://jvn.jp/vu/JVNVU96145466/index.html • CWE-410: Insufficient Resource Pool •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6815
https://notcve.org/view.php?id=CVE-2023-6815
13 Feb 2024 — Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. Vulnerabilidad de asignación de privilegios incorrecta... • https://jvn.jp/vu/JVNVU95085830/index.html • CWE-266: Incorrect Privilege Assignment •