Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-33324

Summary
Assigner-Mitsubishi
Assigner Org ID-e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At-23 Dec, 2022 | 02:24
Updated At-05 Sep, 2024 | 05:25
Rejected At-
Credits

Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Mitsubishi
Assigner Org ID:e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At:23 Dec, 2022 | 02:24
Updated At:05 Sep, 2024 | 05:25
Rejected At:
▼CVE Numbering Authority (CNA)
Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

Affected Products
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R00CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "32" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R01CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "32" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R02CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "32" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R04CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "65" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "65" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "65" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "65" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "65" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R04ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "65" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "65" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "65" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "65" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "65" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R12CCPU-V
Default Status
unaffected
Versions
Affected
  • Firmware versions "17" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-L Series L04HCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "05" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-L Series L08HCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "05" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-L Series L16HCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "05" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-L Series L32HCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "05" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELIPC Series MI5122-VW
Default Status
unaffected
Versions
Affected
  • Firmware versions "07" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Problem Types
TypeCWE IDDescription
CWECWE-404CWE-404 Improper Resource Shutdown or Release
Type: CWE
CWE ID: CWE-404
Description: CWE-404 Improper Resource Shutdown or Release
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/ADenial of Service
CAPEC ID: N/A
Description: Denial of Service
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf
vendor-advisory
https://jvn.jp/vu/JVNVU96883262
government-resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03
government-resource
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf
Resource:
vendor-advisory
Hyperlink: https://jvn.jp/vu/JVNVU96883262
Resource:
government-resource
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03
Resource:
government-resource
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf
x_transferred
https://jvn.jp/vu/JVNVU96883262
x_transferred
https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03
x_transferred
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf
Resource:
x_transferred
Hyperlink: https://jvn.jp/vu/JVNVU96883262
Resource:
x_transferred
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Published At:23 Dec, 2022 | 03:15
Updated At:05 Sep, 2024 | 06:15

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r00_cpu_firmware>>Versions before 33.0(exclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r00_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r00_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r01_cpu_firmware>>Versions before 33.0(exclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r01_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r01_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r01_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r02_cpu_firmware>>Versions before 33.0(exclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r02_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r02_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r02_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_cpu_firmware>>Versions before 66.0(exclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_cpu_firmware>>Versions before 66.0(exclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_cpu_firmware>>Versions before 66.0(exclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_cpu_firmware>>Versions before 66.0(exclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_cpu_firmware>>Versions before 66.0(exclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r12_ccpu-v_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r12_ccpu-v_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r12_ccpu-v>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r12_ccpu-v:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melipc_mi5122-vw_firmware>>*
cpe:2.3:o:mitsubishi:melipc_mi5122-vw_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melipc_mi5122-vw>>-
cpe:2.3:h:mitsubishi:melipc_mi5122-vw:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-l_l04_hcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-l_l04_hcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-l_l04_hcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-l_l04_hcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-l_l08_hcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-l_l08_hcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-l_l08_hcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-l_l08_hcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-l_l16_hcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-l_l16_hcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-l_l16_hcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-l_l16_hcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-l_l32_hcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-l_l32_hcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-l_l32_hcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-l_l32_hcpu:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-404Primarynvd@nist.gov
CWE-404SecondaryMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CWE ID: CWE-404
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-404
Type: Secondary
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://jvn.jp/vu/JVNVU96883262Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Patch
Third Party Advisory
US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdfMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Vendor Advisory
Hyperlink: https://jvn.jp/vu/JVNVU96883262
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Third Party Advisory
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-356-03
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Patch
Third Party Advisory
US Government Resource
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-018_en.pdf
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

214Records found

CVE-2026-1876
Matching Score-10
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-10
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.7||HIGH
EPSS-0.43% / 34.30%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 07:03
Updated-30 Apr, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series Ethernet module

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-f_fx5-enet\/ip_firmwaremelsec_iq-f_fx5-enet\/ipMELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-1875
Matching Score-10
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-10
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.7||HIGH
EPSS-0.43% / 34.30%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 06:54
Updated-30 Apr, 2026 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series EtherNet/IP module

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-f_fx5-eip_firmwaremelsec_iq-f_fx5-eipMELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-40265
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.6||HIGH
EPSS-0.94% / 56.43%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 00:04
Updated-24 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-rj71en71_firmwarer08encpur16encpu_firmwarerj71en71r16encpur32encpur32encpu_firmwarer04encpu_firmwarer04encpur120encpur08encpu_firmwarer120encpu_firmwareMELSEC iQ-R Series R04/08/16/32/120ENCPUMELSEC iQ-R Series RJ71EN71
CWE ID-CWE-20
Improper Input Validation
CVE-2026-1874
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.7||HIGH
EPSS-0.42% / 33.89%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 06:46
Updated-04 May, 2026 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series EtherNet/IP module and Ethernet module

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-f_fx5-eip_firmwaremelsec_iq-f_fx5-enet\/ip_firmwaremelsec_iq-f_fx5-eipmelsec_iq-f_fx5-enet\/ipMELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIPMELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2024-8403
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 46.91%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 05:57
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service Vulnerability in Ethernet port on MELSEC iQ-F Ethernet Module and EtherNet/IP Module

Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 to 1.200 and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-MELSEC iQ-F Series FX5-ENETMELSEC iQ-F Series FX5-ENET/IPmelsec_iq-f_series_fx5-enet_ipmelsec_iq-f_series_fx5-enet
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2020-5645
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-3.83% / 88.81%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 02:06
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gt1450-qmbdegt1455-qtbdecoreosgt1450-qlbdegt1450hs-qmbdegt1455hs-qtbdeGT14 Model of GOT 1000 series
CWE ID-CWE-384
Session Fixation
CVE-2025-3511
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.31%
||
7 Day CHG~0.00%
Published-25 Apr, 2025 | 05:14
Updated-24 Apr, 2026 | 07:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Series CC-Link IE TSN Master/Local Module, MELSEC iQ-R Series Ethernet Interface Module, CC-Link IE TSN Master/Local Station Communication LSI CP610, MELSEC iQ-F Series FX5 CC-Link IE TSN Master/Local Module, MELSEC iQ-F Series FX5 Ethernet Module, and MELSEC iQ-F Series FX5-ENET/IP Ethernet Module allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-CC-Link IE TSN Remote I/O module NZ2GN2B1-32DCC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-300MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IPCC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY NZ2GACP620-60CC-Link IE TSN Remote I/O module NZ2GN2S1-32DTMELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-SXCC-Link IE TSN Remote I/O module NZ2GNCE3-32DCC-Link IE TSN Remote I/O module NZ2GN2B1-32TECC-Link IE TSN Analog-Digital Converter module NZ2GN2B-60AD4CC-Link IE TSN Digital-Analog Converter module NZ2GN2S-60DA4CC-Link IE TSN Remote I/O module NZ2GN2B1-32DTMELSEC iQ-R Series Ethernet Interface Module RJ71EN71CC-Link IE TSN Remote I/O module NZ2GN2B1-16TECC-Link IE TSN Remote I/O module NZ2GNCF1-32DCC-Link IE TSN Remote I/O module NZ2GN12A2-16TECC-Link IE TSN Remote I/O module NZ2GN2S1-16TECC-Link IE TSN FPGA module NZ2GN2S-D41PD02CC-Link IE TSN Remote I/O module NZ2GN2B1-32DTECC-Link IE TSN Remote I/O module NZ2GNCF1-32TCC-Link IE TSN Remote I/O module NZ2GN2S1-32TCC-Link IE TSN Remote I/O module NZ2GN2S1-32DCC-Link IE TSN Remote I/O module NZ2GN2B1-32TCC-Link IE TSN Remote I/O module NZ2GN2S1-16DMELSEC iQ-F Series FX5 CC-Link IE TSN Master/Local Module FX5-CCLGN-MSCC-Link IE TSN Analog-Digital Converter module NZ2GN2S-60AD4MELSEC iQ-F Series FX5 Ethernet Module FX5-ENETCC-Link IE TSN Remote I/O module NZ2GN2S1-32DTEMELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-EIPCC-Link IE TSN Remote I/O module NZ2GN12A4-16DECC-Link IE TSN Remote I/O module NZ2GN2S1-32TECC-Link IE TSN Remote I/O module NZ2GN2B1-16TCC-Link IE TSN FPGA module NZ2GN2S-D41D01CC-Link IE TSN Remote I/O module NZ2GN2S1-16TCC-Link IE TSN Remote I/O module NZ2GN12A42-16DTECC-Link IE TSN Remote I/O module NZ2GN12A42-16DTCC-Link IE TSN FPGA module NZ2GN2S-D41P01MELSEC iQ-R Series CC-Link IE TSN Master/Local Module RJ71GN11-T2CC-Link IE TSN Remote I/O module NZ2GN2B1-16DCC-Link IE TSN Master/Local Station Communication LSI CP610 NZ2GACP610-60CC-Link IE TSN Remote I/O module NZ2GN12A2-16TCC-Link IE TSN Remote I/O module NZ2GN12A4-16DCC-Link IE TSN Digital-Analog Converter module NZ2GN2B-60DA4CC-Link IE TSN Master/Local Station Communication LSI CP610 NZ2KT-NPETNG51CC-Link IE TSN Remote I/O module NZ2GNCE3-32DT
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2021-20611
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-2.99% / 85.67%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 15:41
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_q03udvcpumelsec_iq-r_r16_cpumelsec_q03udecpumelsec_q173dcpu-s1_firmwaremelsec_iq-r_r08_sfcpu_firmwaremelsec_q03udvcpu_firmwaremelsec_iq-r_r08_pcpu_firmwaremelsec_iq-r_r16_cpu_firmwaremelsec_q170mscpu\(-s1\)melsec_iq-r_r32_pcpu_firmwaremelsec_iq-r_r08_pcpumelsec_q10udecpumelsec_l06cpu\(-p\)_firmwaremelsec_iq-r_r32_sfcpumelipc_mi5122-vwmelsec_iq-r_r32_mtcpu_firmwaremelsec_iq-r_r32_mtcpumelsec_q26udvcpumelsec_q172dscpu_firmwaremelsec_q172dcpu-s1melsec_q26dhccpu-lsmelsec_iq-r_r120_sfcpu_firmwaremelsec_iq-r_r02_cpumelipc_mi5122-vw_firmwaremelsec_iq-r_r01_cpu_firmwaremelsec_iq-r_r64_mtcpu_firmwaremelsec_q06udvcpu_firmwaremelsec_l26cpu\(-p\)melsec_q06udecpu_firmwaremelsec_iq-r_r16_pcpu_firmwaremelsec_q170mcpumelsec_iq-r_r16_mtcpumelsec_q06udecpumelsec_q13udpvcpu_firmwaremelsec_iq-r_r08_cpumelsec_iq-r_r04_cpu_firmwaremelsec_iq-r_r00_cpu_firmwaremelsec_q13udvcpumelsec_q170mcpu_firmwaremelsec_q04udvcpu_firmwaremelsec_q04udpvcpumelsec_q13udecpumelsec_iq-r_r16_sfcpu_firmwaremelsec_q06udvcpumelsec_q173dcpu-s1melsec_q100udecpu_firmwaremelsec_q10udecpu_firmwaremelsec_q12dccpu-v_firmwaremelsec_iq-r_r01_cpumelsec_iq-r_r32_cpu_firmwaremelsec_iq-r_r16_mtcpu_firmwaremelsec_q170mscpu\(-s1\)_firmwaremelsec_iq-r_r02_cpu_firmwaremelsec_q24dhccpu-v\(g\)_firmwaremelsec_q13udecpu_firmwaremelsec_iq-r_r04_pcpumelsec_q26udvcpu_firmwaremelsec_q13udpvcpumelsec_mr-mq100melsec_iq-r_r120_pcpumelsec_q24dhccpu-ls_firmwaremelsec_iq-r_r08_cpu_firmwaremelsec_iq-r_r04_pcpu_firmwaremelsec_q26udpvcpu_firmwaremelsec_iq-r_r64_mtcpumelsec_q04udpvcpu_firmwaremelsec_iq-r_r08_sfcpumelsec_q172dscpumelsec_iq-r_r32_cpumelsec_l02cpu\(-p\)melsec_q26udecpumelsec_q06udpvcpumelsec_q20udecpu_firmwaremelsec_iq-r_r32_sfcpu_firmwaremelsec_q24dhccpu-v\(g\)melsec_l06cpu\(-p\)melsec_mr-mq100_firmwaremelsec_q04udecpumelsec_q13udvcpu_firmwaremelsec_l02cpu\(-p\)_firmwaremelsec_q100udecpumelsec_q06udpvcpu_firmwaremelsec_q172dcpu-s1_firmwaremelsec_q20udecpumelsec_iq-r_r16_pcpumelsec_iq-r_r12_ccpu-vmelsec_iq-r_r12_ccpu-v_firmwaremelsec_iq-r_r120_sfcpumelsec_q04udecpu_firmwaremelsec_iq-r_r04_cpumelsec_iq-r_r00_cpumelsec_l26cpu\(-p\)_firmwaremelsec_q173dscpu_firmwaremelsec_q50udecpu_firmwaremelsec_iq-r_r16_sfcpumelsec_q173dscpumelsec_iq-r_r32_pcpumelsec_iq-r_r120_cpumelsec_q12dccpu-vmelsec_l26cpu-\(p\)btmelsec_q26dhccpu-ls_firmwaremelsec_q04udvcpumelsec_q50udecpumelsec_q26udecpu_firmwaremelsec_q03udecpu_firmwaremelsec_q24dhccpu-lsmelsec_l26cpu-\(p\)bt_firmwaremelsec_iq-r_r120_cpu_firmwaremelsec_iq-r_r120_pcpu_firmwaremelsec_q26udpvcpuMELSEC Q Series Q100UDEHCPUMELSEC L Series L06CPU-PMELSEC iQ-R Series R120PSFCPUMELSEC iQ-R Series R16MTCPUMELSEC iQ-R Series R32PSFCPUMELSEC L Series L02CPU-PMELSEC iQ-R Series R04ENCPUMELSEC iQ-R Series R120PCPUMELSEC iQ-R Series R120SFCPUMELSEC iQ-R Series R16PCPUMELSEC iQ-R Series R32SFCPUMELSEC iQ-R Series R64MTCPUMELSEC Q Series Q24DHCCPU-V MELSEC Q Series Q173DCPU-S1MELSEC Q Series Q170MSCPUMELSEC Q Series Q50UDEHCPUMELSEC Q Series Q173DSCPUMELSEC iQ-R Series R08PSFCPUMELSEC iQ-R Series R16SFCPUMELSEC iQ-R Series R16CPUMELSEC L Series L06CPUMELSEC iQ-R Series R16PSFCPUMELSEC Q Series Q04UDPVCPUMELSEC iQ-R Series R04CPUMELSEC iQ-R Series R32MTCPUMELSEC iQ-R Series R32PCPUMELSEC iQ-R Series R01CPUMELSEC Q Series Q06UDEHCPUMELSEC Q Series Q13UDEHCPUMELSEC Q Series Q20UDEHCPUMELIPC Series MI5122-VWMELSEC iQ-R Series R08CPUMELSEC Q Series MR-MQ100MELSEC iQ-R Series R00CPUMELSEC iQ-R Series R08PCPUMELSEC Q Series Q06UDPVCPUMELSEC Q Series Q04UDVCPUMELSEC Q Series Q170MSCPU-S1MELSEC L Series L26CPU-BTMELSEC iQ-R Series R32CPUMELSEC Q Series Q24DHCCPU-LSMELSEC Q Series Q170MCPUMELSEC Q Series Q13UDVCPUMELSEC L Series L26CPUMELSEC Q Series Q26DHCCPU-LSMELSEC iQ-R Series R120CPUMELSEC iQ-R Series R02CPUMELSEC Q Series Q12DCCPU-VMELSEC Q Series Q26UDEHCPUMELSEC Q Series Q06UDVCPUMELSEC iQ-R Series R120ENCPUMELSEC Q Series Q172DSCPUMELSEC Q Series Q26UDVCPUMELSEC L Series L02CPUMELSEC Q Series Q03UDVCPUMELSEC iQ-R Series R08ENCPUMELSEC Q Series Q26UDPVCPUMELSEC L Series L26CPU-PBTMELSEC iQ-R Series R32ENCPUMELSEC iQ-R Series R16ENCPUMELSEC Q Series Q03UDECPUMELSEC Q Series Q172DCPU-S1MELSEC iQ-R Series R08SFCPUMELSEC L Series L26CPU-PMELSEC Q Series Q04UDEHCPUMELSEC iQ-R Series R12CCPU-VMELSEC Q Series Q13UDPVCPUMELSEC Q Series Q24DHCCPU-VGMELSEC Q Series Q10UDEHCPU
CWE ID-CWE-20
Improper Input Validation
CVE-2021-20587
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-3.66% / 88.28%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 19:55
Updated-13 Jun, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) versions 1.003D and prior, iQ Monozukuri Process Remote Monitoring (Data Transfer) versions 1.002C and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior, and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition on the software products, and possibly to execute a malicious code on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gx_remoteservice-ifr_configurator_sw3gt_softgot1000data_transfermelsoft_navigatormelsoft_em_software_development_kitiq_monozukuri_andonm_commdtm-io-linkgx_logviewergx_developermt_works2network_interface_board_mneth_utilitycw_configuratorezsocketiq_monozukuri_process_remote_monitoringgx_configurator-qpgx_iec_developergx_configurator-dpgt_softgot2000mh11_settingtool_version2fr_configuratorgt_designer3rt_toolbox3mi_configuratorslmp_data_collectorpx_developerrt_toolbox2setting\/monitoring_tools_for_the_c_controller_modulenetwork_interface_board_cc_ie_field_utilitynetwork_interface_board_cc_ie_control_utilitynetwork_interface_board_cc-linkgx_works2gx_explorerm_commdtm-hartcpu_module_logging_configuration_toolc_controller_module_setting_and_monitoring_toolfr_configurator2melfa-worksmelsec_wincpu_setting_utilitygx_works3mx_componentGX Configurator-QPCW ConfiguratorGT SoftGOT2000 Version1FR ConfiguratorM_CommDTM-HARTMELSOFT EM Software Development Kit (EM Configurator)GX ExplorerMELSEC WinCPU Setting UtilityRT ToolBox3M_CommDTM-IO-LinkGX Works3iQ Monozukuri Process Remote Monitoring (Data Transfer)Network Interface Board CC IE Control utilityNetwork Interface Board MNETH utilityGT SoftGOT1000 Version3FR Configurator2EZSocketMT Works2PX DeveloperNetwork Interface Board CC-Link Ver.2 UtilityMELSOFT NavigatorGX Configurator-DPMELFA-WorksSetting/monitoring tools for the C Controller module (SW4PVC-CCPU)Network Interface Board CC IE Field UtilityGT Designer3 Version1(GOT1000)GT Designer3 Version1(GOT2000)CPU Module Logging Configuration TooliQ Monozukuri ANDON (Data Transfer)GX IEC DeveloperGX DeveloperFR Configurator SW3SLMP Data CollectorGX Works2GX RemoteService-IData TransferRT ToolBox2MH11 SettingTool Version2MX ComponentMI ConfiguratorGX LogViewer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20609
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-3.08% / 86.08%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 15:41
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_q03udvcpumelsec_iq-r_r16_cpumelsec_q03udecpumelsec_q173dcpu-s1_firmwaremelsec_iq-r_r08_sfcpu_firmwaremelsec_q03udvcpu_firmwaremelsec_iq-r_r08_pcpu_firmwaremelsec_iq-r_r16_cpu_firmwaremelsec_q170mscpu\(-s1\)melsec_iq-r_r32_pcpu_firmwaremelsec_iq-r_r08_pcpumelsec_q10udecpumelsec_l06cpu\(-p\)_firmwaremelsec_iq-r_r32_sfcpumelipc_mi5122-vwmelsec_iq-r_r32_mtcpu_firmwaremelsec_iq-r_r32_mtcpumelsec_q26udvcpumelsec_q172dscpu_firmwaremelsec_q172dcpu-s1melsec_q26dhccpu-lsmelsec_iq-r_r120_sfcpu_firmwaremelsec_iq-r_r02_cpumelipc_mi5122-vw_firmwaremelsec_iq-r_r01_cpu_firmwaremelsec_iq-r_r64_mtcpu_firmwaremelsec_q06udvcpu_firmwaremelsec_l26cpu\(-p\)melsec_q06udecpu_firmwaremelsec_iq-r_r16_pcpu_firmwaremelsec_q170mcpumelsec_iq-r_r16_mtcpumelsec_q06udecpumelsec_q13udpvcpu_firmwaremelsec_iq-r_r08_cpumelsec_iq-r_r04_cpu_firmwaremelsec_iq-r_r00_cpu_firmwaremelsec_q13udvcpumelsec_q170mcpu_firmwaremelsec_q04udvcpu_firmwaremelsec_q04udpvcpumelsec_q13udecpumelsec_iq-r_r16_sfcpu_firmwaremelsec_q06udvcpumelsec_q173dcpu-s1melsec_q100udecpu_firmwaremelsec_q10udecpu_firmwaremelsec_q12dccpu-v_firmwaremelsec_iq-r_r01_cpumelsec_iq-r_r32_cpu_firmwaremelsec_iq-r_r16_mtcpu_firmwaremelsec_q170mscpu\(-s1\)_firmwaremelsec_iq-r_r02_cpu_firmwaremelsec_q24dhccpu-v\(g\)_firmwaremelsec_q13udecpu_firmwaremelsec_iq-r_r04_pcpumelsec_q26udvcpu_firmwaremelsec_q13udpvcpumelsec_mr-mq100melsec_iq-r_r120_pcpumelsec_q24dhccpu-ls_firmwaremelsec_iq-r_r08_cpu_firmwaremelsec_iq-r_r04_pcpu_firmwaremelsec_q26udpvcpu_firmwaremelsec_iq-r_r64_mtcpumelsec_q04udpvcpu_firmwaremelsec_iq-r_r08_sfcpumelsec_q172dscpumelsec_iq-r_r32_cpumelsec_l02cpu\(-p\)melsec_q26udecpumelsec_q06udpvcpumelsec_q20udecpu_firmwaremelsec_iq-r_r32_sfcpu_firmwaremelsec_q24dhccpu-v\(g\)melsec_l06cpu\(-p\)melsec_mr-mq100_firmwaremelsec_q04udecpumelsec_q13udvcpu_firmwaremelsec_l02cpu\(-p\)_firmwaremelsec_q100udecpumelsec_q06udpvcpu_firmwaremelsec_q172dcpu-s1_firmwaremelsec_q20udecpumelsec_iq-r_r16_pcpumelsec_iq-r_r12_ccpu-vmelsec_iq-r_r12_ccpu-v_firmwaremelsec_iq-r_r120_sfcpumelsec_q04udecpu_firmwaremelsec_iq-r_r04_cpumelsec_iq-r_r00_cpumelsec_l26cpu\(-p\)_firmwaremelsec_q173dscpu_firmwaremelsec_q50udecpu_firmwaremelsec_iq-r_r16_sfcpumelsec_q173dscpumelsec_iq-r_r32_pcpumelsec_iq-r_r120_cpumelsec_q12dccpu-vmelsec_l26cpu-\(p\)btmelsec_q26dhccpu-ls_firmwaremelsec_q04udvcpumelsec_q50udecpumelsec_q26udecpu_firmwaremelsec_q03udecpu_firmwaremelsec_q24dhccpu-lsmelsec_l26cpu-\(p\)bt_firmwaremelsec_iq-r_r120_cpu_firmwaremelsec_iq-r_r120_pcpu_firmwaremelsec_q26udpvcpuMELSEC Q Series Q100UDEHCPUMELSEC L Series L06CPU-PMELSEC iQ-R Series R120PSFCPUMELSEC iQ-R Series R16MTCPUMELSEC iQ-R Series R32PSFCPUMELSEC L Series L02CPU-PMELSEC iQ-R Series R04ENCPUMELSEC iQ-R Series R120PCPUMELSEC iQ-R Series R120SFCPUMELSEC iQ-R Series R16PCPUMELSEC iQ-R Series R32SFCPUMELSEC iQ-R Series R64MTCPUMELSEC Q Series Q24DHCCPU-V MELSEC Q Series Q173DCPU-S1MELSEC Q Series Q170MSCPUMELSEC Q Series Q50UDEHCPUMELSEC Q Series Q173DSCPUMELSEC iQ-R Series R08PSFCPUMELSEC iQ-R Series R16SFCPUMELSEC iQ-R Series R16CPUMELSEC L Series L06CPUMELSEC iQ-R Series R16PSFCPUMELSEC Q Series Q04UDPVCPUMELSEC iQ-R Series R04CPUMELSEC iQ-R Series R32MTCPUMELSEC iQ-R Series R32PCPUMELSEC iQ-R Series R01CPUMELSEC Q Series Q06UDEHCPUMELSEC Q Series Q13UDEHCPUMELSEC Q Series Q20UDEHCPUMELIPC Series MI5122-VWMELSEC iQ-R Series R08CPUMELSEC Q Series MR-MQ100MELSEC iQ-R Series R00CPUMELSEC iQ-R Series R08PCPUMELSEC Q Series Q06UDPVCPUMELSEC Q Series Q04UDVCPUMELSEC Q Series Q170MSCPU-S1MELSEC L Series L26CPU-BTMELSEC iQ-R Series R32CPUMELSEC Q Series Q24DHCCPU-LSMELSEC Q Series Q170MCPUMELSEC Q Series Q13UDVCPUMELSEC L Series L26CPUMELSEC Q Series Q26DHCCPU-LSMELSEC iQ-R Series R120CPUMELSEC iQ-R Series R02CPUMELSEC Q Series Q12DCCPU-VMELSEC Q Series Q26UDEHCPUMELSEC Q Series Q06UDVCPUMELSEC iQ-R Series R120ENCPUMELSEC Q Series Q172DSCPUMELSEC Q Series Q26UDVCPUMELSEC L Series L02CPUMELSEC Q Series Q03UDVCPUMELSEC iQ-R Series R08ENCPUMELSEC Q Series Q26UDPVCPUMELSEC L Series L26CPU-PBTMELSEC iQ-R Series R32ENCPUMELSEC iQ-R Series R16ENCPUMELSEC Q Series Q03UDECPUMELSEC Q Series Q172DCPU-S1MELSEC iQ-R Series R08SFCPUMELSEC L Series L26CPU-PMELSEC Q Series Q04UDEHCPUMELSEC iQ-R Series R12CCPU-VMELSEC Q Series Q13UDPVCPUMELSEC Q Series Q24DHCCPU-VGMELSEC Q Series Q10UDEHCPU
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-20589
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-1.48% / 70.71%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 10:28
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-gt_softgot2000_firmwaregt23_firmwaregt25gt21_firmwaregs21_firmwaregt25_firmwaregt27gs21gt27_firmwaregt23gt21gt_softgot2000GOT2000 series; GOT SIMPLE series; GT SoftGOT2000; Tension Controller
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-20588
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-5.86% / 92.30%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 19:58
Updated-13 Jun, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) versions 1.003D and prior, iQ Monozukuri Process Remote Monitoring (Data Transfer) versions 1.002C and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior, and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition on the software products, and possibly to execute a malicious code on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gx_remoteservice-ifr_configurator_sw3gt_softgot1000data_transfermelsoft_navigatormelsoft_em_software_development_kitiq_monozukuri_andonm_commdtm-io-linkgx_logviewergx_developermt_works2network_interface_board_mneth_utilitycw_configuratorezsocketiq_monozukuri_process_remote_monitoringgx_configurator-qpgx_iec_developergx_configurator-dpgt_softgot2000mh11_settingtool_version2fr_configuratorgt_designer3rt_toolbox3mi_configuratorslmp_data_collectorpx_developerrt_toolbox2setting\/monitoring_tools_for_the_c_controller_modulenetwork_interface_board_cc_ie_field_utilitynetwork_interface_board_cc_ie_control_utilitynetwork_interface_board_cc-linkgx_works2gx_explorerm_commdtm-hartcpu_module_logging_configuration_toolc_controller_module_setting_and_monitoring_toolfr_configurator2melfa-worksmelsec_wincpu_setting_utilitygx_works3mx_componentGX Configurator-QPCW ConfiguratorGT SoftGOT2000 Version1FR ConfiguratorM_CommDTM-HARTMELSOFT EM Software Development Kit (EM Configurator)GX ExplorerMELSEC WinCPU Setting UtilityRT ToolBox3M_CommDTM-IO-LinkGX Works3iQ Monozukuri Process Remote Monitoring (Data Transfer)Network Interface Board CC IE Control utilityNetwork Interface Board MNETH utilityGT SoftGOT1000 Version3FR Configurator2EZSocketMT Works2PX DeveloperNetwork Interface Board CC-Link Ver.2 UtilityMELSOFT NavigatorGX Configurator-DPMELFA-WorksSetting/monitoring tools for the C Controller module (SW4PVC-CCPU)Network Interface Board CC IE Field UtilityGT Designer3 Version1(GOT1000)GT Designer3 Version1(GOT2000)CPU Module Logging Configuration TooliQ Monozukuri ANDON (Data Transfer)GX IEC DeveloperGX DeveloperFR Configurator SW3SLMP Data CollectorGX Works2GX RemoteService-IData TransferRT ToolBox2MH11 SettingTool Version2MX ComponentMI ConfiguratorGX LogViewer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2021-20610
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-3.08% / 86.08%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 15:41
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_q03udvcpumelsec_iq-r_r16_cpumelsec_q03udecpumelsec_q173dcpu-s1_firmwaremelsec_iq-r_r08_sfcpu_firmwaremelsec_q03udvcpu_firmwaremelsec_iq-r_r08_pcpu_firmwaremelsec_iq-r_r16_cpu_firmwaremelsec_q170mscpu\(-s1\)melsec_iq-r_r32_pcpu_firmwaremelsec_iq-r_r08_pcpumelsec_q10udecpumelsec_l06cpu\(-p\)_firmwaremelsec_iq-r_r32_sfcpumelipc_mi5122-vwmelsec_iq-r_r32_mtcpu_firmwaremelsec_iq-r_r32_mtcpumelsec_q26udvcpumelsec_q172dscpu_firmwaremelsec_q172dcpu-s1melsec_q26dhccpu-lsmelsec_iq-r_r120_sfcpu_firmwaremelsec_iq-r_r02_cpumelipc_mi5122-vw_firmwaremelsec_iq-r_r01_cpu_firmwaremelsec_iq-r_r64_mtcpu_firmwaremelsec_q06udvcpu_firmwaremelsec_l26cpu\(-p\)melsec_q06udecpu_firmwaremelsec_iq-r_r16_pcpu_firmwaremelsec_q170mcpumelsec_iq-r_r16_mtcpumelsec_q06udecpumelsec_q13udpvcpu_firmwaremelsec_iq-r_r08_cpumelsec_iq-r_r04_cpu_firmwaremelsec_iq-r_r00_cpu_firmwaremelsec_q13udvcpumelsec_q170mcpu_firmwaremelsec_q04udvcpu_firmwaremelsec_q04udpvcpumelsec_q13udecpumelsec_iq-r_r16_sfcpu_firmwaremelsec_q06udvcpumelsec_q173dcpu-s1melsec_q100udecpu_firmwaremelsec_q10udecpu_firmwaremelsec_q12dccpu-v_firmwaremelsec_iq-r_r01_cpumelsec_iq-r_r32_cpu_firmwaremelsec_iq-r_r16_mtcpu_firmwaremelsec_q170mscpu\(-s1\)_firmwaremelsec_iq-r_r02_cpu_firmwaremelsec_q24dhccpu-v\(g\)_firmwaremelsec_q13udecpu_firmwaremelsec_iq-r_r04_pcpumelsec_q26udvcpu_firmwaremelsec_q13udpvcpumelsec_mr-mq100melsec_iq-r_r120_pcpumelsec_q24dhccpu-ls_firmwaremelsec_iq-r_r08_cpu_firmwaremelsec_iq-r_r04_pcpu_firmwaremelsec_q26udpvcpu_firmwaremelsec_iq-r_r64_mtcpumelsec_q04udpvcpu_firmwaremelsec_iq-r_r08_sfcpumelsec_q172dscpumelsec_iq-r_r32_cpumelsec_l02cpu\(-p\)melsec_q26udecpumelsec_q06udpvcpumelsec_q20udecpu_firmwaremelsec_iq-r_r32_sfcpu_firmwaremelsec_q24dhccpu-v\(g\)melsec_l06cpu\(-p\)melsec_mr-mq100_firmwaremelsec_q04udecpumelsec_q13udvcpu_firmwaremelsec_l02cpu\(-p\)_firmwaremelsec_q100udecpumelsec_q06udpvcpu_firmwaremelsec_q172dcpu-s1_firmwaremelsec_q20udecpumelsec_iq-r_r16_pcpumelsec_iq-r_r12_ccpu-vmelsec_iq-r_r12_ccpu-v_firmwaremelsec_iq-r_r120_sfcpumelsec_q04udecpu_firmwaremelsec_iq-r_r04_cpumelsec_iq-r_r00_cpumelsec_l26cpu\(-p\)_firmwaremelsec_q173dscpu_firmwaremelsec_q50udecpu_firmwaremelsec_iq-r_r16_sfcpumelsec_q173dscpumelsec_iq-r_r32_pcpumelsec_iq-r_r120_cpumelsec_q12dccpu-vmelsec_l26cpu-\(p\)btmelsec_q26dhccpu-ls_firmwaremelsec_q04udvcpumelsec_q50udecpumelsec_q26udecpu_firmwaremelsec_q03udecpu_firmwaremelsec_q24dhccpu-lsmelsec_l26cpu-\(p\)bt_firmwaremelsec_iq-r_r120_cpu_firmwaremelsec_iq-r_r120_pcpu_firmwaremelsec_q26udpvcpuMELSEC Q Series Q100UDEHCPUMELSEC L Series L06CPU-PMELSEC iQ-R Series R120PSFCPUMELSEC iQ-R Series R16MTCPUMELSEC iQ-R Series R32PSFCPUMELSEC L Series L02CPU-PMELSEC iQ-R Series R04ENCPUMELSEC iQ-R Series R120PCPUMELSEC iQ-R Series R120SFCPUMELSEC iQ-R Series R16PCPUMELSEC iQ-R Series R32SFCPUMELSEC iQ-R Series R64MTCPUMELSEC Q Series Q24DHCCPU-V MELSEC Q Series Q173DCPU-S1MELSEC Q Series Q170MSCPUMELSEC Q Series Q50UDEHCPUMELSEC Q Series Q173DSCPUMELSEC iQ-R Series R08PSFCPUMELSEC iQ-R Series R16SFCPUMELSEC iQ-R Series R16CPUMELSEC L Series L06CPUMELSEC iQ-R Series R16PSFCPUMELSEC Q Series Q04UDPVCPUMELSEC iQ-R Series R04CPUMELSEC iQ-R Series R32MTCPUMELSEC iQ-R Series R32PCPUMELSEC iQ-R Series R01CPUMELSEC Q Series Q06UDEHCPUMELSEC Q Series Q13UDEHCPUMELSEC Q Series Q20UDEHCPUMELIPC Series MI5122-VWMELSEC iQ-R Series R08CPUMELSEC Q Series MR-MQ100MELSEC iQ-R Series R00CPUMELSEC iQ-R Series R08PCPUMELSEC Q Series Q06UDPVCPUMELSEC Q Series Q04UDVCPUMELSEC Q Series Q170MSCPU-S1MELSEC L Series L26CPU-BTMELSEC iQ-R Series R32CPUMELSEC Q Series Q24DHCCPU-LSMELSEC Q Series Q170MCPUMELSEC Q Series Q13UDVCPUMELSEC L Series L26CPUMELSEC Q Series Q26DHCCPU-LSMELSEC iQ-R Series R120CPUMELSEC iQ-R Series R02CPUMELSEC Q Series Q12DCCPU-VMELSEC Q Series Q26UDEHCPUMELSEC Q Series Q06UDVCPUMELSEC iQ-R Series R120ENCPUMELSEC Q Series Q172DSCPUMELSEC Q Series Q26UDVCPUMELSEC L Series L02CPUMELSEC Q Series Q03UDVCPUMELSEC iQ-R Series R08ENCPUMELSEC Q Series Q26UDPVCPUMELSEC L Series L26CPU-PBTMELSEC iQ-R Series R32ENCPUMELSEC iQ-R Series R16ENCPUMELSEC Q Series Q03UDECPUMELSEC Q Series Q172DCPU-S1MELSEC iQ-R Series R08SFCPUMELSEC L Series L26CPU-PMELSEC Q Series Q04UDEHCPUMELSEC iQ-R Series R12CCPU-VMELSEC Q Series Q13UDPVCPUMELSEC Q Series Q24DHCCPU-VGMELSEC Q Series Q10UDEHCPU
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2020-5597
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.04% / 78.79%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 08:05
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-got2000_gt27got2000_gt23coreosgot2000_gt25GOT2000 series GT27, GT25, and GT23
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5649
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-4.09% / 89.49%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 02:06
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gt1450-qmbdegt1455-qtbdecoreosgt1450-qlbdegt1450hs-qmbdegt1455hs-qtbdeGT14 Model of GOT 1000 series
CVE-2020-5675
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.79% / 84.67%
||
7 Day CHG~0.00%
Published-04 Dec, 2020 | 07:10
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gs2110-wtbdgs2107-wtbd_firmwaregt2107-wtbd_firmwaregs2107-wtbdgt2107-wtbdgs2107-wtbd-n_firmwaregt2107-wtsdgt2103-pmbd_firmwaregt2104-pmbd_firmwaregs2110-wtbd-n_firmwaregt2104-rtbd_firmwarele7-40gu-l_firmwaregt2104-pmbdgt2103-pmbdgt2107-wtsd_firmwaregs2110-wtbd-ngs2107-wtbd-ngs2110-wtbd_firmwaregt2104-rtbdle7-40gu-lGT21 model of GOT2000 series, GS21 model of GOT SIMPLE series, and Tension Controller LE7-40GU-L series
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-5666
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-8.40% / 94.31%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 00:49
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-r02_firmwaremelsec_iq-r32melsec_iq-r04melsec_iq-r01melsec_iq-r16melsec_iq-r32_firmwaremelsec_iq-r00melsec_iq-r01_firmwaremelsec_iq-r04_firmwaremelsec_iq-r16_firmwaremelsec_iq-r08_firmwaremelsec_iq-r00_firmwaremelsec_iq-r08melsec_iq-r120_firmwaremelsec_iq-r02melsec_iq-r120MELSEC iQ-R Series CPU Modules
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5652
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-3.53% / 87.84%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_l02cpu-pmelsec_l26cpu-pmelsec_q-q170mscpu-s1_firmwaremelsec_iq-r01cpu_firmwaremelsec_iq-r120psfcpumelsec_q-q26udvcpu_firmwaremelsec_iq-r32pcpumelsec_iq-r32mtcpumelsec_q-q172dscpu_firmwaremelsec_iq-r08sfcpu_firmwaremelsec_q-q04udehcpumelsec_q-q20udehcpumelsec_q-q04udvcpu_firmwaremelsec_q-q03udvcpumelsec_q-q04udpvcpumelsec_iq-r00cpumelsec_iq-r32encpumelsec_q-q173dcpu-s1_firmwaremelsec_iq-r32encpu_firmwaremelsec_q-q26udvcpumelsec_q-q50udehcpu_firmwaremelsec_iq-r120encpumelsec_iq-r16sfcpumelsec_iq-r16encpumelsec_q-q03udecpu_firmwaremelsec_q-q26udpvcpu_firmwaremelsec_iq-r16pcpumelsec_q-q172dscpumelsec_q-q06udehcpumelsec_q-q26udehcpumelsec_iq-r16psfcpumelsec_q-q173dscpumelsec_q-q20udehcpu_firmwaremelsec_iq-r08pcpu_firmwaremelsec_q-q170mcpumelsec_iq-r32psfcpumelsec_l06cpu-p_firmwaremelsec_iq-r32mtcpu_firmwaremelsec_q-q13udpvcpumelsec_iq-r02cpumelsec_iq-r01cpumelsec_iq-r32sfcpumelsec_iq-r16sfcpu_firmwaremelsec_iq-r120pcpumelsec_l26cpu-p_firmwaremelsec_iq-r120encpu_firmwaremelsec_q-q04udvcpumelsec_q-q13udpvcpu_firmwaremelsec_q-q03udvcpu_firmwaremelsec_iq-r08sfcpumelsec_iq-r08psfcpu_firmwaremelsec_q-q04udpvcpu_firmwaremelsec_l06cpu-pmelsec_q-q03udecpumelsec_iq-r16mtcpumelsec_q-q06udpvcpumelsec_iq-r32pcpu_firmwaremelsec_iq-r16encpu_firmwaremelsec_q-q172dcpu-s1melsec_q-q100udehcpumelsec_iq-r04encpumelsec_q-q100udehcpu_firmwaremelsec_iq-r64mtcpu_firmwaremelsec_iq-r32psfcpu_firmwaremelsec_q-q10udehcpu_firmwaremelsec_q-q170mcpu_firmwaremelsec_q-q04udehcpu_firmwaremelsec_iq-r04encpu_firmwaremelsec_q-q50udehcpumelsec_iq-r08pcpumelsec_l02cpu-p_firmwaremelsec_q-qmr-mq100_firmwaremelsec_iq-r08encpu_firmwaremelsec_iq-r120pcpu_firmwaremelsec_q-q173dcpu-s1melsec_q-q172dcpu-s1_firmwaremelsec_l26cpu-pbtmelsec_iq-r120psfcpu_firmwaremelsec_iq-r00cpu_firmwaremelsec_q-q170mscpu-s1melsec_iq-r64mtcpumelsec_q-q13udvcpumelsec_iq-r08encpumelsec_q-q173dscpu_firmwaremelsec_iq-r16mtcpu_firmwaremelsec_iq-r16pcpu_firmwaremelsec_q-q10udehcpumelsec_iq-r120sfcpumelsec_iq-r120sfcpu_firmwaremelsec_q-q13udehcpu_firmwaremelsec_l26cpu-pbt_firmwaremelsec_q-q13udvcpu_firmwaremelsec_iq-r32sfcpu_firmwaremelsec_q-qmr-mq100melsec_q-q26udpvcpumelsec_q-q06udpvcpu_firmwaremelsec_q-q06udehcpu_firmwaremelsec_q-q26udehcpu_firmwaremelsec_q-q13udehcpumelsec_iq-r02cpu_firmwaremelsec_iq-r16psfcpu_firmwaremelsec_iq-r08psfcpuMELSEC iQ-R, Q and L series
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5668
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-4.73% / 90.76%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 03:30
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, and RJ71GN11-T2 firmware version '11' and earlier) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the unit by receiving a specially crafted SLMP packet

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-r08sfcpur04cpu_firmwarerj71gp21-sx_firmwarer120psfcpu_firmwarer16sfcpu_firmwarerj71gp21s-sx_firmwarerj72gf15-t2_firmwarer04cpur32pcpur08cpur16psfcpurj71gf11-t2_firmwarer08pcpurj71gp21-sxrj71c24-r4_firmwarerj71en71_firmwarerj71c24-r2r00cpu_firmwarer08pcpu_firmwarer02cpu_firmwarerj71gn11-t2r16sfcpur16cpu_firmwarer16pcpurj71gf11-t2r120cpu_firmwarer32cpu_firmwarer00cpur120psfcpur08sfcpu_firmwarer32psfcpu_firmwarer16psfcpu_firmwarerj71en71r120cpur32sfcpu_firmwarer32sfcpurj72gf15-t2r01cpur32pcpu_firmwarer01cpu_firmwarer08psfcpu_firmwarer08psfcpurj71c24-r2_firmwarer16cpur08cpu_firmwarerj71gn11-t2_firmwarer16pcpu_firmwarer02cpurj71gp21s-sxr120pcpu_firmwarerj71c24-r4r120sfcpur32psfcpur120sfcpu_firmwarer32cpur120pcpuMELSEC iQ-R
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5603
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.65%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 10:20
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsoft_fielddeviceconfiguratorm_commdtm-hartgx_works3melfa-worksmelsoft_iq_appportalgt_designer3gx_logviewermt_works2motion_control_settingcw_configuratormelsec-l_flexible_high-speed_i\/o_control_module_configuration_toolcpu_module_logging_configuration_toolmelsoft_navigatorgx_works2m_commdtm-io-linkmr_configurator2mi_configuratorrt_toolbox2em_configuratorrt_toolbox3Mitsubishi Electoric FA Engineering Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5654
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.70% / 84.14%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-rd81opc96melsec_iq-rd81dl96_firmwaremelsec_iq-rd81dl96melsec_iq-rj71pn92melsec_iq-rd81mes96n_firmwaremelsec_iq-rd81mes96nmelsec_iq-rj71eip91_firmwaremelsec_iq-rj71eip91melsec_iq-rd81opc96_firmwaremelsec_iq-rj71pn92_firmwareMELSEC iQ-R series
CWE ID-CWE-384
Session Fixation
CVE-2020-5655
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.91% / 85.30%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-rd81opc96melsec_iq-rd81dl96_firmwaremelsec_iq-rd81dl96melsec_iq-rj71pn92melsec_iq-rd81mes96n_firmwaremelsec_iq-rd81mes96nmelsec_iq-rj71eip91_firmwaremelsec_iq-rj71eip91melsec_iq-rd81opc96_firmwaremelsec_iq-rj71pn92_firmwareMELSEC iQ-R series
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5658
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.89% / 85.17%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-rd81opc96melsec_iq-rd81dl96_firmwaremelsec_iq-rd81dl96melsec_iq-rj71pn92melsec_iq-rd81mes96n_firmwaremelsec_iq-rd81mes96nmelsec_iq-rj71eip91_firmwaremelsec_iq-rj71eip91melsec_iq-rd81opc96_firmwaremelsec_iq-rj71pn92_firmwareMELSEC iQ-R series
CVE-2020-5646
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-4.12% / 89.57%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 02:06
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gt1450-qmbdegt1455-qtbdecoreosgt1450-qlbdegt1450hs-qmbdegt1455hs-qtbdeGT14 Model of GOT 1000 series
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5600
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-2.02% / 78.62%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 08:05
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-got2000_gt27got2000_gt23coreosgot2000_gt25GOT2000 series GT27, GT25, and GT23
CVE-2020-5527
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.65%
||
7 Day CHG~0.00%
Published-30 Mar, 2020 | 07:10
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-l06cpu_firmwarel02scpu-p_firmwarer04cpu_firmwarel26cpu-pq172dscpu_firmwareq25prhcpu_firmwareq26dhccpu-lsl26cpu-btl26cpu-pbt_firmwareq12prhcpufx3ur04cpul02cpufx5uj_firmwarefx3sq12phcpuq02phcpu_firmwarefx5uq24dhccpu-vr02cpu_firmwarel06cpu-pr16cpu_firmwarer120cpu_firmwarefx3gc_firmwarer32cpu_firmwarefx5ujr00cpul02cpu-pfx3u_firmwarer16encpu_firmwareq24dhccpu-vg2l02cpu_firmwarecr800-q_firmwarer04encpuq173dscpu_firmwarer16cpufx3s_firmwareq26dhccpu-ls_firmwarer08encpufx5u_firmwareq12dccpu-vq12phcpu_firmwareq24dhccpu-lsq06phcpu_firmwarer32cpufx3gq25phcpu_firmwarer120encpur08cpul26cpu-p_firmwareq24dhccpu-vg2_firmwarefx5ucr00cpu_firmwarer16encpul26cpul02scpuq24dhccpu-v_firmwarer32encpu_firmwareq173dscpufx3uc_firmwareq25prhcpuq173nccpu_firmwarel06cpu-p_firmwarer08encpu_firmwareq25phcpuq12prhcpu_firmwarefx5uc_firmwarefx3gcr32encpul26cpu-pbtr120cpucr800-qr01cpur04encpu_firmwareq02phcpur01cpu_firmwareq172dscpul02scpu-pr08cpu_firmwarer120encpu_firmwarel02scpu_firmwareq24dhccpu-ls_firmwarer02cpufx3ucl02cpu-p_firmwareq06phcpul26cpu-bt_firmwarel26cpu_firmwarel06cpufx3g_firmwareq173nccpuq12dccpu-v_firmwareMELSOFT transmission port (UDP/IP) of multiple Mitsubishi Electric MELSEC series
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-1443
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.5||MEDIUM
EPSS-1.64% / 73.52%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 06:31
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Filseclab Twister Antivirus IoControlCode fildds.sys 0x80112053 denial of service

A vulnerability was found in Filseclab Twister Antivirus 8. It has been declared as problematic. This vulnerability affects the function 0x80112053 in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223288.

Action-Not Available
Vendor-filseclabFilseclab
Product-twister_antivirusTwister Antivirus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1444
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.5||HIGH
EPSS-1.32% / 67.36%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 06:33
Updated-26 Feb, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Filseclab Twister Antivirus IoControlCode fildds.sys 0x8011206B denial of service

A vulnerability was found in Filseclab Twister Antivirus 8. It has been rated as critical. This issue affects the function 0x8011206B in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223289 was assigned to this vulnerability.

Action-Not Available
Vendor-filseclabFilseclab
Product-twister_antivirusTwister Antivirus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-0850
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.7||LOW
EPSS-1.05% / 60.03%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 21:45
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear WNDR3700v2 Web Interface denial of service

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-wndr3700_firmwarewndr3700WNDR3700v2
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-0848
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.88% / 54.82%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 21:31
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear WNDR3700v2 Web Management Interface denial of service

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-wndr3700_firmwarewndr3700WNDR3700v2
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-0029
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.99% / 58.25%
||
7 Day CHG~0.00%
Published-01 Jan, 2023 | 13:46
Updated-02 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multilaser RE708 Telnet Service denial of service

A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B. It has been rated as problematic. This issue affects some unknown processing of the component Telnet Service. The manipulation leads to denial of service. The attack may be initiated remotely. The identifier VDB-217169 was assigned to this vulnerability.

Action-Not Available
Vendor-multilaserempresasMultilaser
Product-re708_firmwarere708RE708
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-39721
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.68% / 84.01%
||
7 Day CHG~0.00%
Published-31 Oct, 2024 | 00:00
Updated-13 May, 2025 | 12:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely (even after the HTTP request is aborted by the client).

Action-Not Available
Vendor-ollaman/aollama
Product-ollaman/aollama
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-0419
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.14% / 62.80%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 18:31
Updated-25 Oct, 2024 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jasper httpdx HTTP POST Request denial of service

A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439.

Action-Not Available
Vendor-httpdx_projectJasPer
Product-httpdxhttpdx
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-48499
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.85%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-24 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUI
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-48489
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.85%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUI
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-4565
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.90% / 55.20%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption

A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component. VDB-215974 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-hutoolDromara
Product-hutoolHuTool
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-36856
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 41.66%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RMQTT Broker 0.4.0 is vulnerable to Denial of Service (DoS) due to improper session resource management. An attacker can exhaust system memory and crash the daemon by establishing and maintaining a vast number of long-lived malicious publish/subscribe sessions.

Action-Not Available
Vendor-n/armqtt
Product-n/armqtt
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-44552
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.61%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-33844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.32%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 00:00
Updated-05 Jul, 2026 | 01:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.

Action-Not Available
Vendor-parrotn/aparrot
Product-anafi_firmwaren/aanafi_firmware
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-8222
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 37.76%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 02:30
Updated-12 May, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_management_handle_register denial of service

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such manipulation leads to denial of service. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsOpen5GS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-8187
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.64% / 46.04%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 10:58
Updated-13 May, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption

A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsOpen5GS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-8226
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.49% / 38.41%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 03:30
Updated-12 May, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial of service

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in denial of service. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsOpen5GS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-8225
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.49% / 38.41%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 03:15
Updated-13 May, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_handle_delete denial of service

A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsOpen5GS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-7734
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.46% / 36.97%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 05:00
Updated-06 May, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
osrg GoBGP SRv6 L3 Service prefix_sid.go SRv6L3ServiceAttribute.DecodeFromBytes denial of service

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from remote. Upgrading to version 4.4.0 will fix this issue. The name of the patch is f9f7b55ec258e514be0264871fa645a2c3edad11. You should upgrade the affected component.

Action-Not Available
Vendor-osrgosrg
Product-gobgpGoBGP
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-8224
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.50% / 39.27%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 03:00
Updated-12 May, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of service

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsOpen5GS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-27527
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.39%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 00:00
Updated-13 Nov, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wasm3 139076a is vulnerable to Denial of Service (DoS).

Action-Not Available
Vendor-n/awasm3_project
Product-n/awasm3
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-7263
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-6.3||MEDIUM
EPSS-0.35% / 27.34%
||
7 Day CHG+0.08%
Published-10 May, 2026 | 04:43
Updated-30 Jun, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS attack via DOMNode::C14N()

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.

Action-Not Available
Vendor-Red Hat, Inc.The PHP Group
Product-phpPHPRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-6985
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.56% / 42.77%
||
7 Day CHG~0.00%
Published-25 Apr, 2026 | 16:15
Updated-29 Apr, 2026 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 7.21 is able to resolve this issue. Upgrading the affected component is advised. VulDB has contacted the vendor early and they confirmed quickly, that this issue got fixed already.

Action-Not Available
Vendor-cesantaCesanta
Product-mongooseMongoose
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-22019
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-3.17% / 86.45%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 01:31
Updated-04 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

Action-Not Available
Vendor-NetApp, Inc.Node.js (OpenJS Foundation)
Product-astra_control_centernode.jsNodenode.js
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-1877
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.1||HIGH
EPSS-0.96% / 57.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 18:31
Updated-06 Mar, 2025 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1562 HTTP POST Request pure_auth_check null pointer dereference

A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1562_firmwaredap-1562DAP-1562
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found