Vulnerabilities > Mitsubishielectric > FX5 Enet IP Firmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-02 | CVE-2023-2060 | Weak Password Requirements vulnerability in Mitsubishielectric products Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing. | 7.5 |
2023-06-02 | CVE-2023-2061 | Use of Hard-coded Credentials vulnerability in Mitsubishielectric products Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP. | 7.5 |
2023-06-02 | CVE-2023-2063 | Unrestricted Upload of File with Dangerous Type vulnerability in Mitsubishielectric products Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. | 7.3 |
2023-03-03 | CVE-2023-0457 | Insufficiently Protected Credentials vulnerability in Mitsubishielectric products Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server. | 7.5 |
2020-10-05 | CVE-2020-16226 | Predictable Exact Value from Previous Values vulnerability in Mitsubishielectric products Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. | 7.5 |