CVSS: 9.1EPSS: 0%CPEs: 432EXPL: 0CVE-2023-4699 – Denial-of-Service (DoS) Vulnerability in MELSEC Series
https://notcve.org/view.php?id=CVE-2023-4699
Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. Vulnerabilidad de verificación insuficiente de autenticidad de datos en los módulos principales Mitsubishi Electric Corporation MELSEC-F Series y en los módulos de MELSEC iQ-F Series CPU permite a un atacante remoto no autenticado restablecer la memoria de los productos al estado predeterminado de fábrica y provocar Denegación de Servicio (DoS) condición de los productos mediante el envío de paquetes específicos. • https://jvn.jp/vu/JVNVU94620134 https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-013_en.pdf • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.1EPSS: 0%CPEs: 380EXPL: 0CVE-2023-4562 – Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module
https://notcve.org/view.php?id=CVE-2023-4562
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. Vulnerabilidad de autenticación incorrecta en los módulos principales de la serie MELSEC-F de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado obtenga programas de secuencia del producto o escriba programas de secuencia maliciosos o datos inadecuados en el producto sin autenticación mediante el envío de mensajes ilegítimos. • https://jvn.jp/vu/JVNVU90509290 https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 300EXPL: 0CVE-2023-2846 – Authentication Bypass Vulnerability in MELSEC-F Series main module
https://notcve.org/view.php?id=CVE-2023-2846
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets. • https://jvn.jp/vu/JVNVU94519952 https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-005_en.pdf • CWE-294: Authentication Bypass by Capture-replay •