Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-21	CVE-2022-23128	Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products. network low complexity mitsubishielectric iconics critical	9.8
2020-07-16	CVE-2020-12007	Deserialization of Untrusted Data vulnerability in multiple products A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. network low complexity mitsubishielectric iconics CWE-502 critical	9.8
2020-07-16	CVE-2020-12013	SQL Injection vulnerability in multiple products A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. network low complexity mitsubishielectric iconics CWE-89 critical	9.1
2020-07-16	CVE-2020-12011	Out-of-bounds Write vulnerability in multiple products A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. network low complexity mitsubishielectric iconics CWE-787 critical	9.8