Vulnerabilities > Mitsubishielectric

DATE CVE VULNERABILITY TITLE RISK
2020-06-23 CVE-2020-5594 Cleartext Transmission of Sensitive Information vulnerability in Mitsubishielectric products
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.
network
low complexity
mitsubishielectric CWE-319
7.5
2020-06-10 CVE-2020-13238 Resource Exhaustion vulnerability in Mitsubishielectric products
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time.
network
low complexity
mitsubishielectric CWE-400
7.8
2020-03-30 CVE-2020-5527 Resource Exhaustion vulnerability in Mitsubishielectric products
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly.
network
low complexity
mitsubishielectric CWE-400
5.0
2020-03-16 CVE-2020-5547 Improper Input Validation vulnerability in Mitsubishielectric Iu1-1M20-D Firmware 1.0.7
Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-20
7.5
2020-03-16 CVE-2020-5546 Argument Injection or Modification vulnerability in Mitsubishielectric Iu1-1M20-D Firmware
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet.
low complexity
mitsubishielectric CWE-88
5.8
2020-03-16 CVE-2020-5545 Unspecified vulnerability in Mitsubishielectric Iu1-1M20-D Firmware
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet.
network
low complexity
mitsubishielectric
7.5
2020-03-16 CVE-2020-5544 NULL Pointer Dereference vulnerability in Mitsubishielectric Iu1-1M20-D Firmware
Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-476
7.5
2020-03-16 CVE-2020-5543 Session Fixation vulnerability in Mitsubishielectric Iu1-1M20-D Firmware
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-384
7.5
2020-03-16 CVE-2020-5542 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mitsubishielectric Iu1-1M20-D Firmware
Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-119
7.5
2020-02-17 CVE-2020-5531 Unspecified vulnerability in Mitsubishielectric products
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors.
network
low complexity
mitsubishielectric
7.5