Vulnerabilities > Mitsubishielectric

DATE CVE VULNERABILITY TITLE RISK
2021-10-14 CVE-2021-20599 Incorrect Authorization vulnerability in Mitsubishielectric products
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.
network
low complexity
mitsubishielectric CWE-863
5.0
2021-10-08 CVE-2021-20600 Resource Exhaustion vulnerability in Mitsubishielectric R12Ccpu-V Firmware
Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up.
4.3
2021-10-07 CVE-2021-20602 Improper Handling of Exceptional Conditions vulnerability in Mitsubishielectric products
Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.
network
low complexity
mitsubishielectric CWE-755
5.0
2021-10-07 CVE-2021-20603 Improper Input Validation vulnerability in Mitsubishielectric products
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.
network
low complexity
mitsubishielectric CWE-20
5.0
2021-10-07 CVE-2021-20604 Improper Input Validation vulnerability in Mitsubishielectric products
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.
network
low complexity
mitsubishielectric CWE-20
5.0
2021-10-07 CVE-2021-20605 Improper Input Validation vulnerability in Mitsubishielectric products
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.
network
low complexity
mitsubishielectric CWE-20
5.0
2021-08-06 CVE-2021-20594 Information Exposure vulnerability in Mitsubishielectric products
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names.
network
low complexity
mitsubishielectric CWE-200
5.0
2021-08-06 CVE-2021-20597 Insufficiently Protected Credentials vulnerability in Mitsubishielectric products
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.
network
low complexity
mitsubishielectric CWE-522
6.4
2021-08-06 CVE-2021-20598 Improper Authentication vulnerability in Mitsubishielectric products
Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password.
network
low complexity
mitsubishielectric CWE-287
5.0
2021-08-05 CVE-2021-20592 Improper Synchronization vulnerability in Mitsubishielectric products
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target.
network
low complexity
mitsubishielectric CWE-662
7.8