2020-10-05
|
CVE-2020-16226
|
Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.
|
Conveyor_tracking_application_apr\-Ntr12fh, Conveyor_tracking_application_apr\-Ntr20fh\(N\=1\,2\), Conveyor_tracking_application_apr\-Ntr3fh, Conveyor_tracking_application_apr\-Ntr6fh, Fr\-A820\-E_firmware, Fr\-A840\-E_firmware, Fr\-A842\-E_firmware, Fr\-A860\-E_firmware, Fr\-A862\-E_firmware, Fr\-A8ncge_firmware, Fr\-E800\-Epa_firmware, Fr\-E800\-Epb_firmware, Fr\-F820\-E_firmware, Fr\-F840\-E_firmware, Fr\-F842\-E_firmware, Fr\-F860\-E_firmware, Fr\-F862\-E_firmware, Fx3g\-14mr\/ds_firmware, Fx3g\-14mr\/es_firmware, Fx3g\-14mt\/dss_firmware, Fx3g\-14mt\/ess_firmware, Fx3g\-24mr\/ds_firmware, Fx3g\-24mr\/es_firmware, Fx3g\-24mt\/dss_firmware, Fx3g\-24mt\/ess_firmware, Fx3g\-32_mt\/dss_firmware, Fx3g\-40mr\/ds_firmware, Fx3g\-40mr\/es_firmware, Fx3g\-40mt\/dss_firmware, Fx3g\-40mt\/ess_firmware, Fx3g\-60mr\/ds_firmware, Fx3g\-60mr\/es_firmware, Fx3g\-60mt\/dss_firmware, Fx3g\-60mt\/ess_firmware, Fx3u\-Enet\-L_firmware, Fx3u\-Enet\-P502_firmware, Fx3u\-Enet_firmware, Fx5\-Cclgn\-Ms_firmware, Fx5\-Enet\-Adp_firmware, Fx5\-Enet\/ip_firmware, Fx5\-Enet_firmware, Fx5uc\-32mr\/ds\-Ts_firmware, Fx5uc\-32mt\/d_firmware, Fx5uc\-32mt\/ds\-Ts_firmware, Fx5uc\-32mt\/dss\-Ts_firmware, Fx5uc\-32mt\/dss_firmware, Fx5uj\-24mr\/es_firmware, Fx5uj\-24mt\/es_firmware, Fx5uj\-24mt\/ess_firmware, Fx5uj\-40mr\/es_firmware, Fx5uj\-40mt\/es_firmware, Fx5uj\-40mt\/ess_firmware, Fx5uj\-60mr\/es_firmware, Fx5uj\-60mt\/es_firmware, Fx5uj\-60mt\/ess_firmware, Got1000_series_gt14_firmware, Got2000_series_gt21_firmware, Got_simple_series_gs21_firmware, Gt25\-J71gn13\-T2_firmware, Iu1\-1m20\-D_firmware, L26cpu\-\(P\)bt_firmware, Le7\-40gu\-L_firmware, Lj71e71\-100_firmware, Lncpu\(\-P\)\(N\=02\/06\/26\)_firmware, Mr\-J4\-Tm_firmware, Mr\-Je\-C_firmware, Nz2ft\-Eip_firmware, Nz2ft\-Mt_firmware, Nz2gacp620\-300_firmware, Nz2gacp620\-60_firmware, Q03udecpu_firmware, Q06ccpu\-V_firmware, Q24dhccpu\-V_firmware, Q24dhccpu\-Vg_firmware, Qj71e71\-100_firmware, Qj71mes96_firmware, Qj71mt91_firmware, Qj71ws96_firmware, Qnudehcpu\(N\=04\/06\/10\/13\/20\/26\/50\/100\)_firmware, Qnudpvcpu\(N\=04\/06\/13\/2\)_firmware, Qnudvcpu\(N\=03\/04\/06\/13\/26\)_firmware, R12ccpu\-V_firmware, Rd55up06\-V_firmware, Rd55up12\-V_firmware, Rd78ghv_firmware, Rd78ghw_firmware, Rd78gn\(N\=4\,8\,16\,32\,64\)_firmware, Rj71en71_firmware, Rj71gn11\-T2_firmware, Rncpu\(N\=00\/01\/02\)t_firmware, Rncpu\(N\=04\/08\/16\/32\/120\)_firmware, Rnencpu\(N\=04\/08\/16\/32\/120\)_firmware, Rnpcpu\(N\=08\/16\/32\/120\)_firmware, Rnpsfcpu\(N\=08\/16\/32\/120\)_firmware, Rnsfcpu_\(N\=08\/16\/32\/120\)_firmware
|
9.8
|
|
|
2017-02-13
|
CVE-2016-8368
|
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock.
|
Qj71e71\-100_firmware, Qj71e71\-B2_firmware, Qj71e71\-B5_firmware
|
8.6
|
|
|
2017-02-13
|
CVE-2016-8370
|
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC.
|
Qj71e71\-100_firmware, Qj71e71\-B2_firmware, Qj71e71\-B5_firmware
|
7.5
|
|
|
2019-05-23
|
CVE-2019-10977
|
In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition.
|
Qj71e71\-100_firmware
|
7.5
|
|
|