Vulnerabilities > Mitsubishielectric > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-5654 | Session Fixation vulnerability in Mitsubishielectric products Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | 5.0 |
| 2020-11-02 | CVE-2020-5652 | Resource Exhaustion vulnerability in Mitsubishielectric products Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition . | 5.0 |
| 2020-07-16 | CVE-2020-12015 | Deserialization of Untrusted Data vulnerability in multiple products A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. | 5.0 |
| 2020-07-16 | CVE-2020-12013 | SQL Injection vulnerability in multiple products A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. | 6.4 |
| 2020-07-16 | CVE-2020-12009 | Deserialization of Untrusted Data vulnerability in multiple products A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. | 5.0 |
| 2020-07-07 | CVE-2020-5600 | Resource Exhaustion vulnerability in Mitsubishielectric Coreos 05.65.00.Bd/Y TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 5.0 |
| 2020-07-07 | CVE-2020-5598 | Incorrect Authorization vulnerability in Mitsubishielectric Coreos 05.65.00.Bd/Y TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. | 5.0 |
| 2020-07-07 | CVE-2020-5597 | NULL Pointer Dereference vulnerability in Mitsubishielectric Coreos Y TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 5.0 |
| 2020-07-07 | CVE-2020-5596 | Session Fixation vulnerability in Mitsubishielectric Coreos Y TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 5.0 |
| 2020-06-30 | CVE-2020-5603 | Resource Exhaustion vulnerability in Mitsubishielectric products Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. | 5.0 |