Vulnerabilities > Mitsubishielectric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-05 | CVE-2020-16226 | Predictable Exact Value from Previous Values vulnerability in Mitsubishielectric products Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. | 7.5 |
| 2020-07-16 | CVE-2020-12011 | Out-of-bounds Write vulnerability in multiple products A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. | 7.5 |
| 2020-07-07 | CVE-2020-5595 | Classic Buffer Overflow vulnerability in Mitsubishielectric Coreos Y TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 7.5 |
| 2020-06-23 | CVE-2020-5594 | Cleartext Transmission of Sensitive Information vulnerability in Mitsubishielectric products Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. | 7.5 |
| 2020-06-10 | CVE-2020-13238 | Resource Exhaustion vulnerability in Mitsubishielectric products Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. | 7.8 |
| 2020-03-16 | CVE-2020-5547 | Improper Input Validation vulnerability in Mitsubishielectric Iu1-1M20-D Firmware 1.0.7 Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 7.5 |
| 2020-03-16 | CVE-2020-5545 | Unspecified vulnerability in Mitsubishielectric Iu1-1M20-D Firmware TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet. | 7.5 |
| 2020-03-16 | CVE-2020-5544 | NULL Pointer Dereference vulnerability in Mitsubishielectric Iu1-1M20-D Firmware Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 7.5 |
| 2020-03-16 | CVE-2020-5543 | Session Fixation vulnerability in Mitsubishielectric Iu1-1M20-D Firmware TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 7.5 |
| 2020-03-16 | CVE-2020-5542 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mitsubishielectric Iu1-1M20-D Firmware Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 7.5 |