CVSS: 10.0EPSS: 0%CPEs: 432EXPL: 1CVE-2023-4699 – Arbitrary Command Execution Vulnerability in Mitsubishi Electric proprietary protocol communication of multiple FA products
https://notcve.org/view.php?id=CVE-2023-4699
06 Nov 2023 — Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. Vulnerabilidad de verificación insuficiente de autenticidad de datos en los módulos principales Mitsubishi Electric Corporation MELSEC-F Series y en los módulos ... • https://github.com/Scottzxor/Citrix-Bleed-Buffer-Overread-Demo • CWE-306: Missing Authentication for Critical Function CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.4EPSS: 0%CPEs: 380EXPL: 0CVE-2023-4562 – Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module
https://notcve.org/view.php?id=CVE-2023-4562
13 Oct 2023 — Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. Vulnerabilidad de autenticación incorrecta en los módulos principales de la serie MELSEC-F de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado obtenga programas de secue... • https://jvn.jp/vu/JVNVU90509290 • CWE-287: Improper Authentication •
CVSS: 9.4EPSS: 0%CPEs: 300EXPL: 0CVE-2023-2846 – Authentication Bypass Vulnerability in MELSEC-F Series main module
https://notcve.org/view.php?id=CVE-2023-2846
30 Jun 2023 — Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets. • https://jvn.jp/vu/JVNVU94519952 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20613
https://notcve.org/view.php?id=CVE-2021-20613
14 Jan 2022 — Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, FX3U-ENET-L Firmware version 1.16 and prior and FX3U-ENET-P502 Firmware version 1.16 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product by sending specially crafted packets. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery. Una vulnerabilidad de inicialización in... • https://jvn.jp/vu/JVNVU93268332/index.html • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20612
https://notcve.org/view.php?id=CVE-2021-20612
14 Jan 2022 — Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port. Control by MELSEC-F series PLC is not affected by this vulnerabil... • https://jvn.jp/vu/JVNVU93268332/index.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20596
https://notcve.org/view.php?id=CVE-2021-20596
22 Jul 2021 — NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery. Una desreferencia de puntero NULL en MELSEC-F Series FX3U-ENET versiones de firmware 1.14 y anteriores, FX3U-ENET-L ver... • https://jvn.jp/vu/JVNVU94348759/index.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 202EXPL: 0CVE-2020-16226 – Mitsubishi Electric Multiple Products
https://notcve.org/view.php?id=CVE-2020-16226
08 Sep 2020 — Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. Múltiples productos de Mitsubishi Electric, son vulnerables a suplantaciones de un dispositivo legítimo por parte de un actor malicioso, lo que puede permitir a un atacante ejecutar comandos arbitrarios remotamente This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mitsubishi Elec... • https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01 • CWE-342: Predictable Exact Value from Previous Values •
CVSS: 7.5EPSS: 0%CPEs: 92EXPL: 0CVE-2020-5527
https://notcve.org/view.php?id=CVE-2020-5527
30 Mar 2020 — When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functi... • https://jvn.jp/en/vu/JVNVU91553662/index.html • CWE-400: Uncontrolled Resource Consumption •