Vulnerabilities > Mitsubishielectric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-02 | CVE-2024-22102 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error. | 5.5 |
| 2024-07-02 | CVE-2024-22103 | Out-of-bounds Write vulnerability in multiple products Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). | 5.5 |
| 2024-07-02 | CVE-2024-22104 | Out-of-bounds Write vulnerability in multiple products Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). | 5.5 |
| 2024-02-13 | CVE-2023-6815 | Incorrect Privilege Assignment vulnerability in Mitsubishielectric products Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. | 6.5 |
| 2024-01-30 | CVE-2023-6374 | Authentication Bypass by Capture-replay vulnerability in Mitsubishielectric Melsec Ws0-Geth00200 Firmware Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. | 7.5 |
| 2024-01-30 | CVE-2023-6942 | Missing Authentication for Critical Function vulnerability in Mitsubishielectric products Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally. | 7.5 |
| 2024-01-30 | CVE-2023-6943 | Unsafe Reflection vulnerability in Mitsubishielectric products Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products. | 9.8 |
| 2023-11-30 | CVE-2023-5274 | Improper Input Validation vulnerability in Mitsubishielectric GX Works2 Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. | 4.7 |
| 2023-11-30 | CVE-2023-5275 | Improper Input Validation vulnerability in Mitsubishielectric GX Works2 Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. | 4.7 |
| 2023-11-30 | CVE-2023-5247 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mitsubishielectric products Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. | 7.8 |