Vulnerabilities > Mitsubishielectric > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-30 | CVE-2020-5602 | XXE vulnerability in Mitsubishielectric products Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. | 5.0 |
| 2020-03-30 | CVE-2020-5527 | Resource Exhaustion vulnerability in Mitsubishielectric products When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. | 5.0 |
| 2020-03-16 | CVE-2020-5546 | Argument Injection or Modification vulnerability in Mitsubishielectric Iu1-1M20-D Firmware Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet. | 5.8 |
| 2019-11-13 | CVE-2019-13555 | Resource Exhaustion vulnerability in Mitsubishielectric products In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. | 4.3 |
| 2019-10-28 | CVE-2019-14928 | Cross-site Scripting vulnerability in multiple products An issue was discovered on Mitsubishi Electric Europe B.V. | 5.4 |
| 2019-10-28 | CVE-2019-14925 | Incorrect Default Permissions vulnerability in multiple products An issue was discovered on Mitsubishi Electric Europe B.V. | 6.5 |
| 2019-07-26 | CVE-2019-10976 | XXE vulnerability in Mitsubishielectric Electric FR Configurator2 Firmware Mitsubishi Electric FR Configurator2, Version 1.16S and prior. | 4.3 |
| 2017-02-13 | CVE-2016-8370 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mitsubishielectric products An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. | 5.0 |
| 2017-02-13 | CVE-2016-8368 | Improper Synchronization vulnerability in Mitsubishielectric products An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. | 5.0 |