CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-2063 – Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
https://notcve.org/view.php?id=CVE-2023-2063
02 Jun 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks. • https://jvn.jp/vu/JVNVU92908006 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-2062 – Information Disclosure vulnerability in EtherNet/IP Configuration tools
https://notcve.org/view.php?id=CVE-2023-2062
02 Jun 2023 — Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module... • https://jvn.jp/vu/JVNVU92908006 • CWE-549: Missing Password Field Masking CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-2061 – Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
https://notcve.org/view.php?id=CVE-2023-2061
02 Jun 2023 — Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP. • https://jvn.jp/vu/JVNVU92908006 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-2060 – Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
https://notcve.org/view.php?id=CVE-2023-2060
02 Jun 2023 — Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing. • https://jvn.jp/vu/JVNVU92908006 • CWE-521: Weak Password Requirements •
CVSS: 7.8EPSS: 1%CPEs: 76EXPL: 0CVE-2023-0457 – Information Disclosure Vulnerability in MELSEC Series
https://notcve.org/view.php?id=CVE-2023-0457
03 Mar 2023 — Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server. • https://jvn.jp/vu/JVNVU93891523/index.html • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 202EXPL: 0CVE-2020-16226 – Mitsubishi Electric Multiple Products
https://notcve.org/view.php?id=CVE-2020-16226
08 Sep 2020 — Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. Múltiples productos de Mitsubishi Electric, son vulnerables a suplantaciones de un dispositivo legítimo por parte de un actor malicioso, lo que puede permitir a un atacante ejecutar comandos arbitrarios remotamente This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mitsubishi Elec... • https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01 • CWE-342: Predictable Exact Value from Previous Values •