CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 0CVE-2021-20599
https://notcve.org/view.php?id=CVE-2021-20599
14 Oct 2021 — Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password. La vulnerabilidad de transmisión de texto claro de información sensible en las versiones de firmware "26" ... • https://jvn.jp/vu/JVNVU98578731 • CWE-319: Cleartext Transmission of Sensitive Information CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.3EPSS: 1%CPEs: 16EXPL: 0CVE-2021-20598
https://notcve.org/view.php?id=CVE-2021-20598
06 Aug 2021 — Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password. Una vulnerabilidad del Mecanismo de Bloqueo de Cuentas Demasiado Restrictivo en los módulos de CPU de la serie MELSEC iQ-R de Mitsubishi Electric (R08/16/32/120SFCPU todas las versiones, R08/16/32/120PSFCPU ... • https://jvn.jp/vu/JVNVU98578731/index.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0CVE-2021-20594
https://notcve.org/view.php?id=CVE-2021-20594
06 Aug 2021 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names. La exposición de información sensible a un actor no autorizado es un... • https://jvn.jp/vu/JVNVU98578731/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 1%CPEs: 16EXPL: 0CVE-2021-20597
https://notcve.org/view.php?id=CVE-2021-20597
06 Aug 2021 — Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password. La vulnerabilidad de c... • https://jvn.jp/vu/JVNVU98578731/index.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2021-20591
https://notcve.org/view.php?id=CVE-2021-20591
11 Jun 2021 — Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition. Una vulnerabilidad de C... • https://jvn.jp/vu/JVNVU98060539/index.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2020-16850
https://notcve.org/view.php?id=CVE-2020-16850
30 Nov 2020 — Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2. Los PLC de la serie Mitsubishi MELSEC iQ-R con firmware 49 permiten a un atacante no autenticado detene... • https://blog.scadafence.com/vulnerability-in-mitsubishi-electric-melsec-iq-r-series • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 2%CPEs: 56EXPL: 0CVE-2020-5668
https://notcve.org/view.php?id=CVE-2020-5668
20 Nov 2020 — Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware ver... • https://jvn.jp/vu/JVNVU95980140/index.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 102EXPL: 0CVE-2020-5652
https://notcve.org/view.php?id=CVE-2020-5652
30 Oct 2020 — Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' an... • https://jvn.jp/vu/JVNVU96558207/index.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 0CVE-2020-13238
https://notcve.org/view.php?id=CVE-2020-13238
10 Jun 2020 — Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. Los PLC Mitsubishi MELSEC iQ-R Series con firmware 33, permiten a atacantes detener el proceso industrial mediante el envío de un paquete diseñado no autenticado a través de la red, porque este ata... • http://jvn.jp/vu/JVNVU97662844/index.html • CWE-400: Uncontrolled Resource Consumption •