Note:
This project will be discontinued after December 13, 2021. [more]
Product:
R120psfcpu_firmware
(Mitsubishielectric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-13 | CVE-2023-6815 | Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. | R08psfcpu_firmware, R08sfcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware | 6.5 | ||
| 2021-08-06 | CVE-2021-20597 | Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password. | R08psfcpu_firmware, R08sfcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware | 9.1 | ||
| 2021-08-06 | CVE-2021-20594 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names. | R08psfcpu_firmware, R08sfcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware | 7.5 | ||
| 2021-10-14 | CVE-2021-20599 | Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password. | R08psfcpu_firmware, R08sfcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware | 7.5 | ||
| 2020-11-20 | CVE-2020-5668 | Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier,... | R00cpu_firmware, R01cpu_firmware, R02cpu_firmware, R04cpu_firmware, R08cpu_firmware, R08pcpu_firmware, R08psfcpu_firmware, R08sfcpu_firmware, R120cpu_firmware, R120pcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16cpu_firmware, R16pcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32cpu_firmware, R32pcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware, Rj71c24\-R2_firmware, Rj71c24\-R4_firmware, Rj71en71_firmware, Rj71gf11\-T2_firmware, Rj71gn11\-T2_firmware, Rj71gp21\-Sx_firmware, Rj71gp21s\-Sx_firmware, Rj72gf15\-T2_firmware | 7.5 | ||
| 2021-08-06 | CVE-2021-20598 | Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password. | R08psfcpu_firmware, R08sfcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware | 5.3 | ||
| 2021-06-11 | CVE-2021-20591 | Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition. | R00cpu_firmware, R01cpu_firmware, R02cpu_firmware, R04cpu_firmware, R08cpu_firmware, R08pcpu_firmware, R08psfcpu_firmware, R08sfcpu_firmware, R120cpu_firmware, R120pcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16cpu_firmware, R16pcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32cpu_firmware, R32pcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware | 7.5 |