Vulnerabilities > Mitsubishielectric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-16 | CVE-2020-5544 | NULL Pointer Dereference vulnerability in Mitsubishielectric Iu1-1M20-D Firmware Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 7.5 |
| 2020-03-16 | CVE-2020-5543 | Session Fixation vulnerability in Mitsubishielectric Iu1-1M20-D Firmware TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 7.5 |
| 2020-03-16 | CVE-2020-5542 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mitsubishielectric Iu1-1M20-D Firmware Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 7.5 |
| 2020-02-17 | CVE-2020-5531 | Unspecified vulnerability in Mitsubishielectric products Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. | 7.5 |
| 2019-11-13 | CVE-2019-13555 | Resource Exhaustion vulnerability in Mitsubishielectric products In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. | 4.3 |
| 2019-10-28 | CVE-2019-14931 | OS Command Injection vulnerability in multiple products An issue was discovered on Mitsubishi Electric Europe B.V. | 9.8 |
| 2019-10-28 | CVE-2019-14930 | Use of Hard-coded Credentials vulnerability in multiple products An issue was discovered on Mitsubishi Electric Europe B.V. | 9.8 |
| 2019-10-28 | CVE-2019-14929 | Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered on Mitsubishi Electric Europe B.V. | 9.8 |
| 2019-10-28 | CVE-2019-14928 | Cross-site Scripting vulnerability in multiple products An issue was discovered on Mitsubishi Electric Europe B.V. | 5.4 |
| 2019-10-28 | CVE-2019-14927 | Forced Browsing vulnerability in multiple products An issue was discovered on Mitsubishi Electric Europe B.V. | 7.5 |