Product:

R120sfcpu_firmware

(Mitsubishielectric)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 8
Date Id Summary Products Score Patch Annotated
2020-11-20 CVE-2020-5668 Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier,... R00cpu_firmware, R01cpu_firmware, R02cpu_firmware, R04cpu_firmware, R08cpu_firmware, R08pcpu_firmware, R08psfcpu_firmware, R08sfcpu_firmware, R120cpu_firmware, R120pcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16cpu_firmware, R16pcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32cpu_firmware, R32pcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware, Rj71c24\-R2_firmware, Rj71c24\-R4_firmware, Rj71en71_firmware, Rj71gf11\-T2_firmware, Rj71gn11\-T2_firmware, Rj71gp21\-Sx_firmware, Rj71gp21s\-Sx_firmware, Rj72gf15\-T2_firmware 7.5
2020-11-30 CVE-2020-16850 Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2. R00cpu_firmware, R01cpu_firmware, R02cpu_firmware, R04cpu_firmware, R08cpu_firmware, R08pcpu_firmware, R08sfcpu_firmware, R120cpu_firmware, R120pcpu_firmware, R120sfcpu_firmware, R16cpu_firmware, R16mtcpu_firmware, R16pcpu_firmware, R16sfcpu_firmware, R32cpu_firmware, R32mtcpu_firmware, R32pcpu_firmware, R32sfcpu_firmware, R64mtcpu_firmware 7.5
2021-06-11 CVE-2021-20591 Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition. R00cpu_firmware, R01cpu_firmware, R02cpu_firmware, R04cpu_firmware, R08cpu_firmware, R08pcpu_firmware, R08psfcpu_firmware, R08sfcpu_firmware, R120cpu_firmware, R120pcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16cpu_firmware, R16pcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32cpu_firmware, R32pcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware 7.5
2021-08-06 CVE-2021-20594 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names. R08psfcpu_firmware, R08sfcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware 7.5
2021-08-06 CVE-2021-20597 Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password. R08psfcpu_firmware, R08sfcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware 9.1
2021-08-06 CVE-2021-20598 Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password. R08psfcpu_firmware, R08sfcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware 5.3
2021-10-14 CVE-2021-20599 Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password. R08psfcpu_firmware, R08sfcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware 7.5
2024-02-13 CVE-2023-6815 Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. R08psfcpu_firmware, R08sfcpu_firmware, R120psfcpu_firmware, R120sfcpu_firmware, R16psfcpu_firmware, R16sfcpu_firmware, R32psfcpu_firmware, R32sfcpu_firmware 6.5