Vulnerabilities > Mitsubishielectric > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-07 | CVE-2020-5595 | Classic Buffer Overflow vulnerability in Mitsubishielectric Coreos 05.65.00.Bd/Y TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 9.8 |
| 2020-06-23 | CVE-2020-5594 | Cleartext Transmission of Sensitive Information vulnerability in Mitsubishielectric products Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. | 9.8 |
| 2020-03-16 | CVE-2020-5547 | Unspecified vulnerability in Mitsubishielectric Iu1-1M20-D Firmware 1.0.7 Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 9.8 |
| 2020-03-16 | CVE-2020-5545 | Unspecified vulnerability in Mitsubishielectric Iu1-1M20-D Firmware 1.0.7 TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet. | 9.8 |
| 2020-03-16 | CVE-2020-5544 | NULL Pointer Dereference vulnerability in Mitsubishielectric Iu1-1M20-D Firmware 1.0.7 Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 9.8 |
| 2020-03-16 | CVE-2020-5543 | Session Fixation vulnerability in Mitsubishielectric Iu1-1M20-D Firmware 1.0.7 TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 9.8 |
| 2020-03-16 | CVE-2020-5542 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mitsubishielectric Iu1-1M20-D Firmware 1.0.7 Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 9.8 |
| 2020-02-17 | CVE-2020-5531 | Unspecified vulnerability in Mitsubishielectric products Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. | 9.8 |
| 2019-10-28 | CVE-2019-14931 | OS Command Injection vulnerability in multiple products An issue was discovered on Mitsubishi Electric Europe B.V. | 9.8 |
| 2019-10-28 | CVE-2019-14930 | Use of Hard-coded Credentials vulnerability in multiple products An issue was discovered on Mitsubishi Electric Europe B.V. | 9.8 |