Vulnerabilities > Mitsubishielectric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-30 | CVE-2020-5603 | Resource Exhaustion vulnerability in Mitsubishielectric products Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. | 5.0 |
| 2020-06-30 | CVE-2020-5602 | XXE vulnerability in Mitsubishielectric products Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. | 5.0 |
| 2020-06-23 | CVE-2020-5594 | Cleartext Transmission of Sensitive Information vulnerability in Mitsubishielectric products Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. | 7.5 |
| 2020-06-10 | CVE-2020-13238 | Resource Exhaustion vulnerability in Mitsubishielectric products Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. | 7.8 |
| 2020-03-30 | CVE-2020-5527 | Resource Exhaustion vulnerability in Mitsubishielectric products When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. | 5.0 |
| 2020-03-16 | CVE-2020-5547 | Improper Input Validation vulnerability in Mitsubishielectric Iu1-1M20-D Firmware 1.0.7 Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 7.5 |
| 2020-03-16 | CVE-2020-5546 | Argument Injection or Modification vulnerability in Mitsubishielectric Iu1-1M20-D Firmware Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet. | 5.8 |
| 2020-03-16 | CVE-2020-5545 | Unspecified vulnerability in Mitsubishielectric Iu1-1M20-D Firmware TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet. | 7.5 |
| 2020-03-16 | CVE-2020-5544 | NULL Pointer Dereference vulnerability in Mitsubishielectric Iu1-1M20-D Firmware Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 7.5 |
| 2020-03-16 | CVE-2020-5543 | Session Fixation vulnerability in Mitsubishielectric Iu1-1M20-D Firmware TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 7.5 |