Mitsubishielectric


Products by Mitsubishielectric Sorted by Most Security Vulnerabilities since 2018

Mitsubishielectric Gx Works3: 31 vulnerabilities
Mitsubishielectric Gx Works2: 25 vulnerabilities
Mitsubishielectric Mc Works64: 23 vulnerabilities
Mitsubishielectric Ezsocket: 20 vulnerabilities
Mitsubishielectric Rt Toolbox3: 17 vulnerabilities
Mitsubishielectric Genesis64: 17 vulnerabilities
Mitsubishielectric Gt Got2000: 14 vulnerabilities
Mitsubishielectric Gt Got1000: 14 vulnerabilities
Mitsubishielectric Iq Works: 12 vulnerabilities
Mitsubishielectric Mt Works2: 9 vulnerabilities
Mitsubishielectric Got2000: 3 vulnerabilities
Mitsubishielectric Got1000: 3 vulnerabilities
Mitsubishielectric Melsec: 1 vulnerability

By the Year

In 2026 there have been 7 vulnerabilities in Mitsubishielectric, with an average score of 7.5 out of ten. Last year, in 2025, Mitsubishielectric had 8 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Mitsubishielectric in 2026 could surpass last year's number. The average CVE base score of the vulnerabilities in 2026 is also greater, by 0.55.




Year | Vulnerabilities | Average Score
2026 | 7 | 7.50
2025 | 8 | 6.95
2024 | 22 | 6.85
2023 | 8 | 6.91
2022 | 23 | 7.73
2021 | 16 | 7.13
2020 | 2 | 0.00
2019 | 1 | 5.50

It may take a day or so for new Mitsubishielectric vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Mitsubishielectric Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-2399 Mar 10, 2026
Out-of-Bounds Read Causing DoS in Mitsubishi CNC Controllers (TCP 683) Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683.
CVE-2026-1876 Mar 03, 2026
Mitsubishi iQF FX5ENET/IP UDP DoS via Improper Resource Shutdown Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.
CVE-2026-1875 Mar 03, 2026
MELSEC iQ-F FX5-EIP Module DoS via Improper Resource Shutdown Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.
CVE-2026-1874 Mar 03, 2026
DoS via UDP in Mitsubishi MELSEC iQ-F FX5-ENET/IP <=1.106 Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.
CVE-2025-15080 Feb 05, 2026
Mitsubishi MELSEC iQR Improper Quantity Validation Allows Arbitrary Access Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.
CVE-2025-10314 Feb 05, 2026
FREQSHIPmini 8.0.x Default Permission flaw System exec Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially crafted files. As a result, the attacker may be able to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a Denial of Service (DoS) condition on the affected system.
CVE-2021-47884 Jan 21, 2026
CVE-2021-47884: Unquoted Service Path in OKI Config Tool 1.6.53 OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges.
Iu Configuration Tool
CVE-2025-11774 Dec 19, 2025
OS Command Injection in Mitsubishi Electric GENESIS64 10.97.2 CFR3 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 CFR3 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute arbitrary executable files (EXE) when a legitimate user uses the keypad function by tampering with the configuration file for the function. This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE.
Genesis64
Mc Works64
CVE-2025-11009 Dec 17, 2025
CVE-2025-11009: Cleartext Credentials in Mitsubishi Electric GT Designer3 Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT Designer3. This could allow the attacker to operate illegally GOT2000 series or GOT1000 series by using the obtained credentials.
Gt Designer3
CVE-2025-3784 Nov 27, 2025
GX Works2 Cleartext Storage of Credentials in Project Files Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information.
Gx Works2
CVE-2025-10089 Nov 18, 2025
Local Code Exec via Malicious DLL in Mitsubishi MILCO.S Lighting Control App Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application (IR) all versions, MILCO.S Easy Setting Application (IR) all versions, and MILCO.S Easy Switch Application (IR) all versions allows a local attacker to execute malicious code by having installer to load a malicious DLL. However, if the signer name "Mitsubishi Electric Lighting" appears on the "Digital Signatures" tab of the properties for "MILCO.S Lighting Control.exe", the application is a fixed one. This vulnerability only affects when the installer is run, not after installation. If a user downloads directly from Mitsubishi Electric website and installs the affected product, there is no risk of malicious code being introduced.
CVE-2025-10259 Nov 06, 2025
Mitsubishi MELSEC iQ-F CPU Mod. IoT DoS via TCP Qty Validation Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one.
Melsec
CVE-2025-3699 Jun 26, 2025
Mitsubishi Electric G-50 AirCo – Auth Bypass < v3.37 Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all versions, GB-50ADA-A all versions, GB-50ADA-J all versions, EB-50GU-A all versions, EB-50GU-J all versions, AE-200J all versions, AE-200A all versions, AE-200E all versions, AE-50J all versions, AE-50A all versions, AE-50E all versions, EW-50J all versions, EW-50A all versions, EW-50E all versions, TE-200A all versions, TE-50A all versions, TW-50A all versions, and CMS-RMD-J all versions allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.
CVE-2025-0921 May 15, 2025
Mitsubishi GENESIS64/MC Works64: Unnecessary Privileges Local Write DoS (All V) Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric BizViz all versions, and Mitsubishi Electric Iconics Digital Solutions BizViz all versions allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
Genesis64
Mc Works64
CVE-2025-3511 Apr 25, 2025
CC-Link IE TSN Module DoS via Improper UDP Qty Validation Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Series CC-Link IE TSN Master/Local Module, MELSEC iQ-R Series Ethernet Interface Module, CC-Link IE TSN Master/Local Station Communication LSI CP610, MELSEC iQ-F Series FX5 CC-Link IE TSN Master/Local Module, MELSEC iQ-F Series FX5 Ethernet Module, and MELSEC iQ-F Series FX5-ENET/IP Ethernet Module allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets.
CVE-2024-9852 Nov 28, 2024
Uncontrolled SP Element in GENESIS64 allows DLL hijack for code exec Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
Genesis64
Mc Works64
CVE-2024-8300 Nov 28, 2024
Dead Code DLL Tamper RCE in GENESIS64 10.97.3 (ICONICS/Mitsubishi) Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric Iconics Digital Solutions GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, Mitsubishi Electric ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3, and Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
Genesis64
CVE-2024-8299 Nov 28, 2024
Uncontrolled Search Path Element in GENESIS64 DLL execution Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
Mc Works64
CVE-2024-7587 Oct 22, 2024
Incorrect Default Permissions in GenBroker32 (<10.97.3) Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
Mc Works64
CVE-2024-7316 Oct 17, 2024
CNC Series DoS via Unvalidated Quantity on TCP Port 683 (Mitsubishi Electric) Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.
CVE-2024-1573 Jul 04, 2024
GENESIS64 Improper Auth Mobile Monitor 10.97-10.97.2 (Iconics/Mitsubishi) Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.2, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.2, and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met:
* Active Directory is used in the security setting.
* Automatic log in option is enabled in the security setting.
* The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account.
* The IcoAnyGlass IIS Application Pool account is included in GENESIS64 and MC Works64 Security and has permission to log in.
Mc Works64
CVE-2024-1574 Jul 04, 2024
GENESIS64 10.97-10.97.2 Unsafe Reflection via Licensing Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.2, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.2, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
Mc Works64
CVE-2024-1182 Jul 04, 2024
GENESIS64/MC Works64 Uncontrolled Search Path Element (CVE-2024-1182) Uncontrolled Search Path Element vulnerability in Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.
Mc Works64
CVE-2024-26314 Jul 02, 2024
Privilege Escalation in Jungo WinDriver 6.0.0-16.1.0 Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code.
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2024-25088 Jul 02, 2024
Jungo WinDriver <12.5.1 PrivEsc via Improper Priv Man Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code.
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2024-25087 Jul 02, 2024
Jungo WinDriver DoS causing BSOD before v12.7.0 Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error.
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2024-25086 Jul 02, 2024
Jungo WinDriver <12.2 Improper Privilege Escalation (CVE-2024-25086) Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code.
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2024-22105 Jul 02, 2024
Jungo WinDriver <12.5.1 DoS Causing Windows BS Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error.
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2024-22106 Jul 02, 2024
Jungo WinDriver <12.5.1 Improper Privilege Management Exploitable Locally Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS).
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2024-22104 Jul 02, 2024
Jungo WinDriver <12.5.1 OOB Write Causing BSOD & DoS Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2023-51776 Jul 02, 2024
Jungo WinDriver <12.1.0 Improper Privilege Management, Local Priv Esc Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code.
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2024-22103 Jul 02, 2024
Jungo WinDriver <12.6.0 OOB Write causing BSOD & DoS Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2024-22102 Jul 02, 2024
Jungo WinDriver <12.6.0 DoS causes Windows BSOD Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error.
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2023-51778 Jul 02, 2024
Jungo WinDriver pre-12.1.0 OOB Write Enables BSoD & Local DoS Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2023-51777 Jul 02, 2024
Jungo WinDriver <12.1.0 DoS leading to BSOD Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error.
Cpu Module Logging Configuration Tool
Cw Configurator
Data Transfer
And others...
CVE-2023-6943 Jan 30, 2024
Mitsubishi EZSocket UR Vulnerability (RPC) CVE-2023-6943 3.0-5.92 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.
Fr Configurator2
Mt Works2
Gx Works3
And others...
CVE-2023-6942 Jan 30, 2024
Missing Auth in Mitsubishi EZSocket 3.0-5.92 & GT Designer3 v1.325P/1.320J Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.
Fr Configurator2
Mt Works2
Gx Works3
And others...
CVE-2023-5275 Nov 30, 2023
GX Works2 Improper Input Validation in Simulation Function Leading to Local DoS Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.
Gx Works2
CVE-2023-5274 Nov 30, 2023
GX Works2 DoS via Improper Simulation Input on Windows Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.
Gx Works2
CVE-2023-5247 Nov 30, 2023
Mitsubishi FA Software File Path Control Malicious Exec (CVE-2023-5247) Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.
Melsoft Navigator
Gx Works3
Melsoft Iq Appportal
And others...
CVE-2023-4699 Nov 06, 2023
Mitsubishi MELSEC CPU Modules: Unauth Remote Command Exec (CVE-2023-4699) Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.
CVE-2023-4088 Sep 20, 2023
Mitsubishi FA Software Local Exec via Incorrect File Permissions Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.
Gx Works3
CVE-2023-0525 Aug 04, 2023
Weak Password Encoding in Mitsubishi GOT2000 Series 01.49.000 Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.
Gt Designer3
Gt Softgot2000
CVE-2022-40269 Feb 02, 2023
Auth Bypass via Spoofing in Mitsubishi GOT2000 Series before 01.48.000 Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes.
Gt Softgot2000
CVE-2022-40268 Feb 02, 2023
Mitsubishi GOT2000 clickjacking CVE-2022-40268 (<=v01.47) Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking.
Gt Softgot2000
CVE-2022-29827 Nov 25, 2022
GX Works3 Hard-Coded Crypto Key in 1.000A+ (CVE-2022-29827) Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally.
Gx Works3
CVE-2022-29833 Nov 25, 2022
GX Works3 1.015R+ Insufficiently Protected Credentials Remote Disclosure Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access MELSEC safety CPU modules illegally.
Gx Works3
CVE-2022-29832 Nov 25, 2022
Cleartext Sensitive Data Exposure in Mitsubishi GX Works3 1.015R+ Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.
Gx Works3
CVE-2022-29831 Nov 25, 2022
Mitsubishi Electric GX Works3 1.015R-1.095Z: HardCoded Password Info Disclosure Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules.
Gx Works3
CVE-2022-29830 Nov 25, 2022
GX Works3 Hard-coded Key Remote Disclosure (v1.000A-1.095Z) Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z, and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.065T allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthenticated attackers may obtain information about project files illegally.
Gx Works3
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).