CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-2063 – Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
https://notcve.org/view.php?id=CVE-2023-2063
02 Jun 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks. • https://jvn.jp/vu/JVNVU92908006 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-2062 – Information Disclosure vulnerability in EtherNet/IP Configuration tools
https://notcve.org/view.php?id=CVE-2023-2062
02 Jun 2023 — Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module... • https://jvn.jp/vu/JVNVU92908006 • CWE-549: Missing Password Field Masking CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-2061 – Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
https://notcve.org/view.php?id=CVE-2023-2061
02 Jun 2023 — Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP. • https://jvn.jp/vu/JVNVU92908006 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-2060 – Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
https://notcve.org/view.php?id=CVE-2023-2060
02 Jun 2023 — Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing. • https://jvn.jp/vu/JVNVU92908006 • CWE-521: Weak Password Requirements •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-5657
https://notcve.org/view.php?id=CVE-2020-5657
30 Oct 2020 — Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are... • https://jvn.jp/vu/JVNVU92513419/index.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-5658
https://notcve.org/view.php?id=CVE-2020-5658
30 Oct 2020 — Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module Firs... • https://jvn.jp/vu/JVNVU92513419/index.html •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-5655
https://notcve.org/view.php?id=CVE-2020-5655
30 Oct 2020 — NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First... • https://jvn.jp/vu/JVNVU92513419/index.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-5656
https://notcve.org/view.php?id=CVE-2020-5656
30 Oct 2020 — Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2... • https://jvn.jp/vu/JVNVU92513419/index.html •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-5653
https://notcve.org/view.php?id=CVE-2020-5653
30 Oct 2020 — Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits ... • https://jvn.jp/vu/JVNVU92513419/index.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-5654
https://notcve.org/view.php?id=CVE-2020-5654
30 Oct 2020 — Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits... • https://jvn.jp/vu/JVNVU92513419/index.html • CWE-384: Session Fixation •