Vulnerabilities > Mitsubishielectric

DATE CVE VULNERABILITY TITLE RISK
2023-11-06 CVE-2023-4699 Unspecified vulnerability in Mitsubishielectric products
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products.
network
low complexity
mitsubishielectric
critical
9.1
2023-11-06 CVE-2023-4625 Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishielectric products
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function.
network
low complexity
mitsubishielectric CWE-307
5.3
2023-10-13 CVE-2023-4562 Improper Authentication vulnerability in Mitsubishielectric products
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.
network
low complexity
mitsubishielectric CWE-287
critical
9.1
2023-09-20 CVE-2023-4088 Incorrect Default Permissions vulnerability in Mitsubishielectric GX Works3
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.
local
low complexity
mitsubishielectric CWE-276
7.8
2023-08-04 CVE-2023-0525 Inadequate Encryption Strength vulnerability in Mitsubishielectric products
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.
network
low complexity
mitsubishielectric CWE-326
7.5
2023-08-04 CVE-2023-3373 Use of Insufficiently Random Values vulnerability in Mitsubishielectric Gs21 Firmware and Gt21 Firmware
Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.
network
low complexity
mitsubishielectric CWE-330
critical
9.1
2023-08-03 CVE-2023-3346 Classic Buffer Overflow vulnerability in Mitsubishielectric products
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets.
network
low complexity
mitsubishielectric CWE-120
critical
9.8
2023-06-30 CVE-2023-2846 Authentication Bypass by Capture-replay vulnerability in Mitsubishielectric products
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.
network
low complexity
mitsubishielectric CWE-294
critical
9.1
2023-06-02 CVE-2023-2060 Weak Password Requirements vulnerability in Mitsubishielectric products
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing.
network
low complexity
mitsubishielectric CWE-521
7.5
2023-06-02 CVE-2023-2061 Use of Hard-coded Credentials vulnerability in Mitsubishielectric products
Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP.
network
low complexity
mitsubishielectric CWE-798
7.5