CVSS: 10.0EPSS: 0%CPEs: 432EXPL: 1CVE-2023-4699 – Arbitrary Command Execution Vulnerability in Mitsubishi Electric proprietary protocol communication of multiple FA products
https://notcve.org/view.php?id=CVE-2023-4699
06 Nov 2023 — Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. Vulnerabilidad de verificación insuficiente de autenticidad de datos en los módulos principales Mitsubishi Electric Corporation MELSEC-F Series y en los módulos ... • https://github.com/Scottzxor/Citrix-Bleed-Buffer-Overread-Demo • CWE-306: Missing Authentication for Critical Function CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 0%CPEs: 126EXPL: 0CVE-2023-4625 – Denial-of-Service(DoS) Vulnerability in Web server function on MELSEC Series CPU module
https://notcve.org/view.php?id=CVE-2023-4625
06 Nov 2023 — Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unau... • https://jvn.jp/vu/JVNVU94620134 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.8EPSS: 1%CPEs: 76EXPL: 0CVE-2023-0457 – Information Disclosure Vulnerability in MELSEC Series
https://notcve.org/view.php?id=CVE-2023-0457
03 Mar 2023 — Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server. • https://jvn.jp/vu/JVNVU93891523/index.html • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 9.4EPSS: 2%CPEs: 106EXPL: 0CVE-2022-40267 – Authentication Bypass Vulnerability in Web Server Function on MELSEC Series
https://notcve.org/view.php?id=CVE-2022-40267
20 Jan 2023 — Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial n... • https://jvn.jp/vu/JVNVU99673580/index.html • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) •