Vulnerabilities > Mitsubishielectric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-17 | CVE-2021-20608 | Unspecified vulnerability in Mitsubishielectric GX Works2 1.590Q/1.597X Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file. | 5.0 |
| 2021-11-23 | CVE-2021-20601 | Improper Input Validation vulnerability in Mitsubishielectric products Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. | 7.8 |
| 2021-10-15 | CVE-2018-16060 | Forced Browsing vulnerability in Mitsubishielectric Smartrtu Firmware Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI. | 5.0 |
| 2021-10-15 | CVE-2018-16061 | Cross-site Scripting vulnerability in Mitsubishielectric Smartrtu Firmware Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php. | 4.3 |
| 2021-10-14 | CVE-2021-20599 | Cleartext Transmission of Sensitive Information vulnerability in Mitsubishielectric products Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password. | 7.5 |
| 2021-10-08 | CVE-2021-20600 | Resource Exhaustion vulnerability in Mitsubishielectric R12Ccpu-V Firmware 11 Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up. | 5.9 |
| 2021-08-06 | CVE-2021-20594 | Information Exposure vulnerability in Mitsubishielectric products Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names. | 7.5 |
| 2021-08-06 | CVE-2021-20597 | Insufficiently Protected Credentials vulnerability in Mitsubishielectric products Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password. | 9.1 |
| 2021-08-06 | CVE-2021-20598 | Improper Authentication vulnerability in Mitsubishielectric products Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password. | 5.0 |
| 2021-08-05 | CVE-2021-20592 | Improper Synchronization vulnerability in Mitsubishielectric products Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. | 7.5 |