Vulnerabilities > Mitsubishielectric

DATE CVE VULNERABILITY TITLE RISK
2024-07-02 CVE-2024-22102 Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error.
local
low complexity
jungo mitsubishielectric
5.5
2024-07-02 CVE-2024-22103 Out-of-bounds Write vulnerability in multiple products
Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
local
low complexity
jungo mitsubishielectric CWE-787
5.5
2024-07-02 CVE-2024-22104 Out-of-bounds Write vulnerability in multiple products
Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
local
low complexity
jungo mitsubishielectric CWE-787
5.5
2024-02-13 CVE-2023-6815 Unspecified vulnerability in Mitsubishielectric products
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.
network
low complexity
mitsubishielectric
6.5
2024-01-30 CVE-2023-6374 Unspecified vulnerability in Mitsubishielectric Melsec Ws0-Geth00200 Firmware
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module.
network
low complexity
mitsubishielectric
7.5
2024-01-30 CVE-2023-6942 Unspecified vulnerability in Mitsubishielectric products
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.
network
low complexity
mitsubishielectric
7.5
2024-01-30 CVE-2023-6943 Unspecified vulnerability in Mitsubishielectric products
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.
network
low complexity
mitsubishielectric
critical
9.8
2023-11-30 CVE-2023-5274 Improper Input Validation vulnerability in Mitsubishielectric GX Works2
Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets.
local
high complexity
mitsubishielectric CWE-20
4.7
2023-11-30 CVE-2023-5275 Improper Input Validation vulnerability in Mitsubishielectric GX Works2
Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets.
local
high complexity
mitsubishielectric CWE-20
4.7
2023-11-30 CVE-2023-5247 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mitsubishielectric products
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.
local
low complexity
mitsubishielectric CWE-610
7.8