Vulnerabilities > Mitsubishielectric

DATE CVE VULNERABILITY TITLE RISK
2021-12-17 CVE-2021-20608 Unspecified vulnerability in Mitsubishielectric GX Works2
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.
network
low complexity
mitsubishielectric
7.5
2021-11-23 CVE-2021-20601 Improper Input Validation vulnerability in Mitsubishielectric products
Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value.
network
low complexity
mitsubishielectric CWE-20
7.5
2021-10-15 CVE-2018-16060 Forced Browsing vulnerability in Mitsubishielectric Smartrtu Firmware
Mitsubishi Electric Europe B.V.
network
low complexity
mitsubishielectric CWE-425
7.5
2021-10-15 CVE-2018-16061 Cross-site Scripting vulnerability in Mitsubishielectric Smartrtu Firmware
Mitsubishi Electric Europe B.V.
network
low complexity
mitsubishielectric CWE-79
6.1
2021-10-14 CVE-2021-20599 Unspecified vulnerability in Mitsubishielectric products
Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.
network
low complexity
mitsubishielectric
7.5
2021-10-08 CVE-2021-20600 Resource Exhaustion vulnerability in Mitsubishielectric R12Ccpu-V Firmware 11
Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up.
network
high complexity
mitsubishielectric CWE-400
5.9
2021-08-06 CVE-2021-20594 Information Exposure vulnerability in Mitsubishielectric products
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names.
network
low complexity
mitsubishielectric CWE-200
7.5
2021-08-06 CVE-2021-20597 Insufficiently Protected Credentials vulnerability in Mitsubishielectric products
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.
network
low complexity
mitsubishielectric CWE-522
critical
9.1
2021-08-06 CVE-2021-20598 Improper Authentication vulnerability in Mitsubishielectric products
Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password.
network
low complexity
mitsubishielectric CWE-287
5.3
2021-08-05 CVE-2021-20592 Improper Synchronization vulnerability in Mitsubishielectric products
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target.
network
low complexity
mitsubishielectric CWE-662
7.5