2021-02-19
|
CVE-2021-20588
|
Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000)...
|
C_controller_module_setting_and_monitoring_tool, Cpu_module_logging_configuration_tool, Cw_configurator, Data_transfer, Ezsocket, Fr_configurator, Fr_configurator2, Fr_configurator_sw3, Gt_designer3, Gt_softgot1000, Gt_softgot2000, Gx_configurator\-Dp, Gx_configurator\-Qp, Gx_developer, Gx_explorer, Gx_iec_developer, Gx_logviewer, Gx_remoteservice\-I, Gx_works2, Gx_works3, Iq_monozukuri_andon, Iq_monozukuri_process_remote_monitoring, M_commdtm\-Hart, M_commdtm\-Io\-Link, Melfa\-Works, Melsec_wincpu_setting_utility, Melsoft_em_software_development_kit, Melsoft_navigator, Mh11_settingtool_version2, Mi_configurator, Mt_works2, Mx_component, Network_interface_board_cc\-Link, Network_interface_board_cc_ie_control_utility, Network_interface_board_cc_ie_field_utility, Network_interface_board_mneth_utility, Px_developer, Rt_toolbox2, Rt_toolbox3, Setting\/monitoring_tools_for_the_c_controller_module, Slmp_data_collector
|
9.8
|
|
|
2021-08-05
|
CVE-2021-20592
|
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and...
|
Got2000_gt23_firmware, Got2000_gt25_firmware, Got2000_gt27_firmware, Gt_softgot2000
|
7.5
|
|
|
2021-11-23
|
CVE-2021-20601
|
Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected,...
|
Got2000_gt2103\-Pmbd_firmware, Got2000_gt2103\-Pmbds2_firmware, Got2000_gt2103\-Pmbds_firmware, Got2000_gt2103\-Pmbls_firmware, Got2000_gt2104\-Rtbd_firmware, Got2000_gt2107\-Wtbd_firmware, Got2000_gt2308\-Vtba_firmware, Got2000_gt2308\-Vtbd_firmware, Got2000_gt2310\-Vtba_firmware, Got2000_gt2310\-Vtbd_firmware, Got2000_gt2505\-Vtbd_firmware, Got2000_gt2505hs\-Vtbd_firmware, Got2000_gt2506hs\-Vtbd_firmware, Got2000_gt2507\-Wtbd_firmware, Got2000_gt2507\-Wtsd_firmware, Got2000_gt2507t\-Wtsd_firmware, Got2000_gt2508\-Vtba_firmware, Got2000_gt2508\-Vtbd_firmware, Got2000_gt2508\-Vtwa_firmware, Got2000_gt2508\-Vtwd_firmware, Got2000_gt2510\-Vtba_firmware, Got2000_gt2510\-Vtbd_firmware, Got2000_gt2510\-Vtwa_firmware, Got2000_gt2510\-Vtwd_firmware, Got2000_gt2510\-Wxtbd_firmware, Got2000_gt2510\-Wxtsd_firmware, Got2000_gt2512\-Stba_firmware, Got2000_gt2512\-Stbd_firmware, Got2000_gt2512\-Wxtbd_firmware, Got2000_gt2512\-Wxtsd_firmware, Got2000_gt2705\-Vtbd_firmware, Got2000_gt2708\-Stba_firmware, Got2000_gt2708\-Stbd_firmware, Got2000_gt2708\-Vtba_firmware, Got2000_gt2708\-Vtbd_firmware, Got2000_gt2710\-Stba_firmware, Got2000_gt2710\-Stbd_firmware, Got2000_gt2710\-Vtba_firmware, Got2000_gt2710\-Vtbd_firmware, Got2000_gt2710\-Vtwa_firmware, Got2000_gt2710\-Vtwd_firmware, Got2000_gt2712\-Stba_firmware, Got2000_gt2712\-Stbd_firmware, Got2000_gt2712\-Stwa_firmware, Got2000_gt2712\-Stwd_firmware, Got2000_gt2715\-Xtba_firmware, Got2000_gt2715\-Xtbd_firmware, Got_simple_gs2107\-Wtbd_firmware, Got_simple_gs2110\-Wtbd_firmware, Gt_softgot2000
|
7.5
|
|
|
2022-02-11
|
CVE-2020-14521
|
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.
|
C_controller_interface_module_utility, C_controller_module_setting_and_monitoring_tool, Cc\-Link_ie_control_network_data_collector, Cc\-Link_ie_field_network_data_collector, Cc\-Link_ie_tsn_data_collector, Cpu_module_logging_configuration_tool, Cw_configurator, Data_transfer, Ezsocket, Fr_configurator2, Fr_configurator_sw3, Gt_designer2_classic, Gt_designer3, Gt_softgot1000, Gt_softgot2000, Gx_developer, Gx_logviewer, Gx_works2, Gx_works3, M_commdtm\-Io\-Link, Melfa\-Works, Melsec_wincpu_setting_utility, Melsoft_complete_clean_up_tool, Melsoft_em_software_development_kit, Melsoft_iq_appportal, Melsoft_navigator, Mi_configurator, Motion_control_setting, Motorizer, Mr_configurator2, Mt_works2, Mtconnect_data_collector, Mx_component, Mx_mesinterface, Mx_mesinterface\-R, Mx_sheet, Network_interface_board_cc\-Link_ver\.2_utility_firmware, Network_interface_board_cc_ie_control_utility_firmware, Network_interface_board_cc_ie_field_utility_firmware, Network_interface_board_mneth_utility_firmware, Position_board_utility_2, Px_developer, Rt_toolbox2, Rt_toolbox3, Setting\/monitoring_tools_for_the_c_controller_module, Slmp_data_collector
|
9.8
|
|
|
2022-05-19
|
CVE-2020-14496
|
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.
|
Cpu_module_logging_configuration_tool, Cw_configurator, Data_transfer, Em_configurator, Ezsocket, Fr_configurator2, Gt_designer3, Gt_softgot1000, Gt_softgot2000, Gx_logviewer, Gx_works2, Gx_works3, M_commdtm\-Hart, M_commdtm\-Io\-Link, Melfa\-Works, Melsoft_fielddeviceconfigurator, Melsoft_navigator, Mh11_settingtool_version2, Motorizer, Mr_configurator2, Mt_works2, Mx_component, Network_interface_board_cc\-Link_ver\.2_utility, Network_interface_board_cc_ie_control_utility, Network_interface_board_cc_ie_field_utility, Network_interface_board_mneth_utility, Px_developer, Rt_toolbox2, Rt_toolbox3
|
9.8
|
|
|
2023-02-02
|
CVE-2022-40268
|
Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking.
|
Gt25_firmware, Gt27_firmware, Gt_softgot2000
|
4.7
|
|
|
2023-02-02
|
CVE-2022-40269
|
Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes.
|
Gt25_firmware, Gt27_firmware, Gt_softgot2000
|
8.1
|
|
|
2023-08-04
|
CVE-2023-0525
|
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated...
|
Gs21_firmware, Gs25_firmware, Gt21_firmware, Gt23_firmware, Gt25_firmware, Gt27_firmware, Gt_designer3, Gt_softgot2000
|
7.5
|
|
|
2024-07-02
|
CVE-2023-51776
|
Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code.
|
Windriver, Cpu_module_logging_configuration_tool, Cw_configurator, Data_transfer, Data_transfer_classic, Ezsocket, Fr_configurator2, Fr_configurator_sw3, Genesis64, Gt_got1000, Gt_got2000, Gt_softgot1000, Gt_softgot2000, Gx_developer, Gx_logviewer, Gx_works2, Gx_works3, Iq_works, Mi_configurator, Mr_configurator, Mr_configurator2, Mrzjw3\-Mc2\-Utl_firmware, Mx_component, Mx_opc_server_da\/ua, Numerical_control_device_communication, Px_developer\/monitor_tool, Rt_toolbox3, Rt_visualbox, Sw0dnc\-Mneth\-B_firmware, Sw1dnc\-Ccbd2\-B_firmware, Sw1dnc\-Ccief\-B_firmware, Sw1dnc\-Ccief\-J_firmware, Sw1dnc\-Mnetg\-B_firmware, Sw1dnc\-Qsccf\-B_firmware, Sw1dnd\-Emsdk\-B_firmware
|
7.8
|
|
|
2024-07-02
|
CVE-2023-51778
|
Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
|
Windriver, Cpu_module_logging_configuration_tool, Cw_configurator, Data_transfer, Data_transfer_classic, Ezsocket, Fr_configurator2, Fr_configurator_sw3, Genesis64, Gt_got1000, Gt_got2000, Gt_softgot1000, Gt_softgot2000, Gx_developer, Gx_logviewer, Gx_works2, Gx_works3, Iq_works, Mi_configurator, Mr_configurator, Mr_configurator2, Mrzjw3\-Mc2\-Utl_firmware, Mx_component, Mx_opc_server_da\/ua, Numerical_control_device_communication, Px_developer\/monitor_tool, Rt_toolbox3, Rt_visualbox, Sw0dnc\-Mneth\-B_firmware, Sw1dnc\-Ccbd2\-B_firmware, Sw1dnc\-Ccief\-B_firmware, Sw1dnc\-Ccief\-J_firmware, Sw1dnc\-Mnetg\-B_firmware, Sw1dnc\-Qsccf\-B_firmware, Sw1dnd\-Emsdk\-B_firmware
|
5.5
|
|
|