Vulnerabilities > Mitsubishielectric > R32Psfcpu Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2023-6815 Incorrect Privilege Assignment vulnerability in Mitsubishielectric products
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.
network
low complexity
mitsubishielectric CWE-266
6.5
2021-08-06 CVE-2021-20598 Improper Authentication vulnerability in Mitsubishielectric products
Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password.
network
low complexity
mitsubishielectric CWE-287
5.0