Filtered by vendor Mitsubishielectric
Subscribe
Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26314 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 7.8 HIGH |
| Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code. | |||||
| CVE-2024-25088 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 7.8 HIGH |
| Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code. | |||||
| CVE-2024-25087 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 5.5 MEDIUM |
| Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error. | |||||
| CVE-2024-25086 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 7.8 HIGH |
| Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. | |||||
| CVE-2024-22106 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 7.8 HIGH |
| Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS). | |||||
| CVE-2024-22105 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 5.5 MEDIUM |
| Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error. | |||||
| CVE-2024-22104 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 5.5 MEDIUM |
| Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). | |||||
| CVE-2024-22103 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 5.5 MEDIUM |
| Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). | |||||
| CVE-2024-22102 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 5.5 MEDIUM |
| Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error. | |||||
| CVE-2023-51778 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 5.5 MEDIUM |
| Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). | |||||
| CVE-2023-51777 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 5.5 MEDIUM |
| Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error. | |||||
| CVE-2023-51776 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-07-05 | N/A | 7.8 HIGH |
| Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code. | |||||
| CVE-2023-4088 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-07-04 | N/A | 7.8 HIGH |
| Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder. | |||||
| CVE-2021-20597 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-05-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password. | |||||
| CVE-2021-20594 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names. | |||||
| CVE-2021-20599 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password. | |||||
| CVE-2023-4625 | 1 Mitsubishielectric | 126 Fx5s-30mr\/es, Fx5s-30mr\/es Firmware, Fx5s-30mt\/es and 123 more | 2024-02-15 | N/A | 5.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login. | |||||
| CVE-2023-6942 | 1 Mitsubishielectric | 10 Ezsocket, Fr Configurator2, Got1000 and 7 more | 2024-02-08 | N/A | 7.5 HIGH |
| Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally. | |||||
| CVE-2023-6943 | 1 Mitsubishielectric | 10 Ezsocket, Fr Configurator2, Got1000 and 7 more | 2024-02-08 | N/A | 9.8 CRITICAL |
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products. | |||||
| CVE-2023-6374 | 1 Mitsubishielectric | 2 Melsec Ws0-geth00200, Melsec Ws0-geth00200 Firmware | 2024-02-06 | N/A | 7.5 HIGH |
| Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules. | |||||