FA Products SecurityVulnerability Information

Vulnerability status of Factory Automation Products
Click here for the latest information about Vulnerability Information.
Mitsubishi Electric's Vulnerability Information
Dispatch date of Information |
AFFECTED PRODUCTS | Title / Detail Information | Remarks | |
---|---|---|---|---|
CVSS Score | 3rd Party Advisory | |||
update: 2023/08/30 release:2023/03/07 |
GENESIS64 Version 10.97.2 | Multiple Denial-of-Service (DoS) Vulnerabilities in the BACnet® secure connect function of GENESIS64TM |
<Update history:August 30, 2023> |
|
5.9 | VU#794340 |
|||
update: 2023/08/22 release:2023/05/18 |
MELSEC WS Series | Authentication Bypass Vulnerability in MELSEC WS Series Ethernet Interface Module |
<Update history:August 22, 2023> |
|
7.5 | ICSA-23-138-02 |
|||
release:2023/08/17 | GENESIS64TM Version 10.97.2 | Multiple Vulnerabilities due to OpenSSL Vulnerabilities in the BACnet® secure connect function of GENESIS64TM |
||
4.4-5.9 | ICSA-23-229-01 |
|||
release:2023/08/03 | GT Designer3, GOT2000 Series, GOT SIMPLE Series and GT SoftGOT2000 | Information Disclosure Vulnerability in Data Transfer Security Function on GT Designer3, GOT2000 Series, GOT SIMPLE Series and GT SoftGOT2000 |
||
7.5 | ICSA-23-215-02 |
|||
release:2023/08/03 | GOT2000 Series and GOT SIMPLE Series | Denial-of-Service (DoS) and Spoofing Vulnerability in FTP Server Function on GOT2000 Series and GOT SIMPLE Series |
||
5.9 | ICSA-23-215-01 |
|||
update: 2023/08/03 release:2023/07/27 |
M800V/M80V Series M800/M80/E80 Series C80 M700V/M70V/E70 Series IoT Unit |
Denial of Service (DoS) and Malicious Code Execution Vulnerability in MITSUBISHI CNC Series |
<Update history:August 3, 2023> |
|
9.8 | ICSA-23-208-03 |
|||
update: 2023/08/03 release:2022/12/13 |
GENESIS64TM : Version 10.97 to 10.97.2 | Information Tampering Vulnerability in the project management function of GENESIS64TM |
<Update history:August 3, 2023> <Update history:February 9, 2023> <Update history:December 27, 2022> |
|
6.3 | ICSA-22-347-01 |
|||
update: 2023/08/03 release:2022/07/19 |
GENESIS64TM and MC Works64 | Multiple Vulnerabilities in GENESIS64TM and MC Works64 |
<Update history:August 3, 2023> <Update history:February 9, 2023> <Update history:December 15, 2022> <Update history:September 30, 2022> <Update history:August 30, 2022> |
|
7.5-9.8 | ICSA-22-202-04 |
|||
update: 2023/07/27 release:2022/06/14 |
MELSEC iQ-R, Q and L Series MELIPC Series |
Denial-of-Service Vulnerability in Ethernet Port of MELSEC and MELIPC Series |
<Update history:July 27, 2023> <Update history:August 16, 2022> |
|
7.5 | ICSA-22-172-01 |
|||
update: 2023/07/13 release:2022/12/22 |
MELSEC iQ-R, iQ-L Series and MELIPC Series | Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series |
<Update history:July 13, 2023> |
|
7.5 | ICSA-22-356-03 |
|||
update: 2023/07/06 release:2023/05/23 |
MELSEC iQ-F Series MELSEC iQ-R Series |
Denial-of-Service and Malicious Code Execution Vulnerability in MELSEC Series CPU module |
<Update history:July 6, 2023> |
|
10 | ICSA-23-143-03 |
|||
release:2023/06/29 | MELSEC-F series | Authentication Bypass Vulnerability in MELSEC-F Series main module |
||
7.5 | ICSA-23-180-04 |
|||
update: 2023/06/29 release:2022/11/24 |
GX Works3, MX OPC UA Module Configurator-R | Multiple Vulnerabilities in Multiple FA Engineering Software |
<Update history:June 29, 2023> <Update history:May 30, 2023> |
|
3.7-9.1 | ICSA-22-333-05 |
|||
update: 2023/06/29 release:2020/08/31 |
TCP Protocol Stack | Impact of Impersonation Vulnerability in TCP Protocol Stack |
<Update history:June 29, 2023> <Update history:September 22, 2022> <Update history:May 24, 2022> <Update history:August 24, 2021> <Update history:May 18, 2021> <Update history:February 18, 2021> <Update history:January 26, 2021> <Update history:September 24, 2020> |
|
7.3 | ICSA-20-245-01 |
|||
update: 2023/06/20 release:2023/03/02 |
MELSEC iQ-F Series MELSEC iQ-R Series MELSEC-Q Series MELSEC-L Series |
Information Disclosure Vulnerability in MELSEC Series |
<Update history:June 20, 2023> |
|
7.5 | ICSA-23-061-01 |
|||
release:2023/06/01 | MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 EtherNet/IP configuration tool MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP EtherNet/IP configuration tool |
Multiple Vulnerabilities in MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration tool |
||
6.2-7.5 | ICSA-23-157-02 |
|||
release:2023/04/27 | MELIPC, MELSEC iQ-R and MELSEC Q Series | Multiple vulnerabilities due to Intel products in multiple FA products(April 2023) |
||
8.8 | ICSA-23-122-01 |
|||
update: 2023/04/24 release:2021/11/30 |
MELSEC and MELIPC Series | Multiple Denial-of-Service Vulnerabilities in Ethernet port of MELSEC and MELIPC Series |
<Update history:April 24, 2023> <Update history:November 24, 2022> <Update history:July 26, 2022> <Update history:May 31, 2022> <Update history:April 26, 2022> <Update history:January 27, 2022> |
|
7.5 | ICSA-21-334-02 |
|||
update: 2023/04/18 release:2023/01/17 |
MELSEC iQ-F/MELSEC iQ-R Series | Authorization Bypass Vulnerability in WEB Server Function on MELSEC |
<Update history:April 18, 2023> <Update history:February 28, 2023> <Update history:January 26, 2023> |
|
5.9 | ICSA-23-017-02 |
|||
update: 2023/04/11 release:2020/07/30 |
FA Engineering Software Products | Malicious Code Execution Vulnerability in Multiple FA Engineering Software Products |
<Update history:April 11, 2023> <Update history:March 2, 2023> <Update history:November 17, 2022> <Update history:July 28, 2022> <Update history:May 24, 2022> <Update history:February 8, 2022> <Update history:November 16, 2021> <Update history:July 27, 2021> <Update history:May 27, 2021> <Update history:January 14, 2021> <Update history:November 5, 2020> |
|
8.3 | ICSA-20-212-04 |
|||
update: 2023/02/28 release:2022/05/17 |
MELSEC iQ-F Series | Multiple Denial-of-Service Vulnerabilities in MELSEC iQ-F Series CPU module |
<Update history:February 28 ,2023> <Update history:May 31, 2022> |
|
5.3-8.6 | ICSA-22-139-01 |
|||
release:2023/02/21 | MELSOFT iQ AppPortal | HTTP Request Smuggling Vulnerability and IP Address Authentication Bypass Vulnerability in MELSOFT iQ AppPortal |
||
9.8 | ICSA-23-052-01 |
|||
release:2023/02/02 | GOT2000 Series and GT SoftGOT2000 | Leading users to unintended operation Vulnerability and Information Disclosure and Spoofing Vulnerability in GOT Mobile Function on GOT2000 Series and GT SoftGOT2000 |
||
6.1-6.8 | ICSA-23-033-02 |
|||
update: 2023/01/31 release:2022/08/02 |
FA Products | Denial-of-Service (DoS) Vulnerability and Arbitrary Command Execution Vulnerability due to OpenSSL Vulnerabilities in Multiple FA Products |
<Update history:January 31, 2023> <Update history:November 1, 2022> <Update history:August 30, 2022> <Update history:August 18, 2022> |
|
7.5-9.8 | ICSA-22-221-01 |
|||
release:2023/01/26 | MELFA SD/SQ series and F-series | Authentication Bypass Vulnerability in Robot Controller of MELFA SD/SQ series and F-series |
||
7.5 | ICSA-23-026-05 |
|||
release:2022/11/29 | MELSEC iQ-R Series RJ71EN71, R04/08/16/32/120ENCPU(Network Part) | Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module |
||
8.6 | ICSA-22-335-01 |
|||
release:2022/11/24 | GOT2000 Series GT27 mode,GT25 mode, GT23 mode | Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series |
||
5.3 | ICSA-22-333-01 |
|||
update: 2022/11/17 release:2021/02/18 |
FA Engineering Software Products | Multiple Denial-of-Service Vulnerabilities in Multiple FA Engineering Software Products |
<Update history:November 17, 2022> <Update history:July 28, 2022> <Update history:May 24, 2022> <Update history:February 8, 2022> <Update history:November 16, 2021> <Update history:July 27, 2021> <Update history:May 27, 2021> |
|
7.5 | ICSA-21-049-02 |
|||
release:2022/11/15 | GT SoftGOT2000 | Arbitrary Command Execution Vulnerability due to OpenSSL Vulnerability in GT SoftGOT2000 |
||
9.8 | ICSA-22-319-01 |
|||
update: 2022/10/13 release:2021/08/06 |
MELSEC iQ-R Series | Authorization Bypass vulnerability in MELSEC iQ-R Series Safety CPU/SIL2 Process CPU Module |
<Update history:October 13, 2022> <Update history:October 13, 2021> <Update history:October 12, 2021> |
|
9.1 | ICSA-21-287-03 |
|||
update: 2022/10/13 release:2021/08/05 |
MELSEC iQ-R Series | Information disclosure vulnerability in MELSEC iQ-R Series CPU Module |
<Update history:October 13, 2022> |
|
5.9 | ICSA-21-250-01 |
|||
update: 2022/10/13 release:2021/08/05 |
MELSEC iQ-R Series | Unauthorized login vulnerability in MELSEC iQ-R Series CPU Module |
<Update history:October 13, 2022> |
|
7.4 | ICSA-21-250-01 |
|||
update: 2022/09/22 release:2020/07/30 |
FA Engineering Software Products | Vulnerability due to Improper File Access Control in Multiple FA Engineering Software Products |
<Update history:September 22, 2022> <Update history:July 28, 2022> <Update history:May 24, 2022> <Update history:December 17, 2020> |
|
8.3 | ICSA-20-212-02 |
|||
update: 2022/07/28 release:2021/12/16 |
FA Engineering Software | Multiple Denial-of-Service Vulnerabilities in Multiple FA Engineering Software |
<Update history:July 28, 2022> <Update history:June 30, 2022> |
|
5.5 | ICSA-21-350-05 |
|||
update: 2022/07/28 release:2020/07/30 |
FA Products | Malicious Code Execution Vulnerability in Multiple FA Products |
<Update history:July 28, 2022> <Update history:May 27, 2022> <Update history:January 14, 2021> |
|
8.3 | ICSA-20-212-03 |
|||
update: 2022/07/07 release:2021/10/27 |
MELSEC iQ-R Series | Denial-of-Service Vulnerability in MELSEC iQ-R Series C Controller Module |
<Update history:July 7, 2022> <Update history:October 28, 2021> |
|
6.8 | ICSA-21-280-04 |
|||
release:2022/06/02 | MELSEC-Q/L Series and MELSEC iQ-R Series | Denial of Service(DoS) and Remote Code Execution Vulnerability in MELSEC-Q/L Series Ethernet Interface Module and MELSEC iQ-R Series MES Interface Module |
||
8.1 | ICSA-22-165-03 |
|||
update: 2022/05/31 release:2022/03/31 |
iQ-F Series | Authentication Bypass, Information Disclosure and Information Tampering Vulnerabilities in Multiple FA Products |
<Update history:May 31, 2022> |
|
5.9-7.4 | ICSA-22-090-04 |
|||
release:2022/05/12 | MELSOFT iQ AppPortal | Multiple vulnerabilities in MELSOFT iQ AppPortal |
||
5.5-9.8 | ICSA-22-132-02 |
|||
release:2022/05/10 | MELSOFT GT OPC UA Client | Information Disclosure and Denial-of-Service (DoS) Vulnerabilities due to OpenSSL vulnerabilities on MELSOFT GT OPC UA Client |
||
7.4-7.5 | ICSA-22-130-06 |
|||
update: 2022/05/10 release:2021/09/02 |
GOT | Multiple vulnerabilities in Wireless Communication Standards IEEE 802.11 (Frag Attacks) |
<Update history:May 10, 2022> <Update history:March 22, 2022> |
|
2.6-7.5 | ICSA-22-102-04 |
|||
release:2022/04/07 | MELSEC-Q Series | Denial of Service(DoS) and Malicious Code Execution Vulnerability in DHCP client function on MELSEC-Q Series C Controller Module |
||
9.0 | ICSA-22-102-02 |
|||
update: 2022/04/07 release:2021/09/06 |
[Withdraw]Multiple Denial of Service (DoS) Vulnerabilities in TCP/IP Protocol Stack of GOT and Tension Controller |
<Update history:April 7, 2022> <Update history:October 5, 2021> |
||
ICSA-21-278-01 |
||||
release:2022/03/29 | CC-Link IE TSN Configurator | Impact of multiple vulnerabilities in Apache Log4j (Log4shell) |
||
5.9-10.0 | Apache Log4j Vulnerability Guidance |
|||
update: 2022/03/29 release:2020/10/29 |
MELSEC iQ-R, Q and L Series | Denial-of-Service Vulnerability in Ethernet Port on CPU Module of MELSEC iQ-R, Q and L Series |
<Update history:March 29, 2022> <Update history:January 13, 2022> <Update history:May 18, 2021> |
|
7.5 |
ICSA-20-303-01 |
|||
release:2022/02/15 | Energy Saving Data Collecting Server (EcoWebServerIII) | Multiple Vulnerabilities in web functions of Energy Saving Data Collecting Server (EcoWebServerIII) |
||
6.1 7.5 |
- | |||
release:2022/01/20 | GENESIS64 and MC Works64 | Denial of Service (DoS) Vulnerability in database server of GENESIS64 and MC Works64 |
||
5.9 | ICSA-22-020-01 |
|||
release:2022/01/20 | GENESIS64 and MC Works64 | Information Disclosure Vulnerability in GENESIS64 and MC Works64 |
||
7.7 | ICSA-22-020-01 |
|||
release:2022/01/20 | GENESIS64 and MC Works64 | Authentication Bypass Vulnerability in Web communication function on GENESIS64 and MC Works64 |
||
9.8 | ICSA-22-020-01 |
|||
release:2022/01/20 | MC Works64 | Information Disclosure Vulnerability in MC Works64 mobile monitoring |
||
4.2 | ICSA-22-020-01 |
|||
update: 2022/01/20 release:2021/05/11 |
GOT and Tension Controller | Denial-of-Service (DoS) Vulnerability in MODBUS/TCP slave communication function on GOT and Tension Controller |
<Update history:January 20, 2022> |
|
5.9 | ICSA-21-131-02 |
|||
update: 2022/01/20 release:2020/12/03 |
GOT and Tension Controller | Denial-of-Service Vulnerability in TCP/IP Stack of GOT and Tension Controller |
<Update history:January 20, 2022> <Update history:May 11, 2021> |
|
7.5 | ICSA-20-343-02 |
|||
release:2022/01/13 | MELSEC-F Series | Denial of Service (DoS) Vulnerability in MELSEC-F Series Ethernet interface block |
||
7.5 |
ICSA-22-013-01 ICSA-22-013-07 |
|||
release:2022/01/13 | MELSEC-F Series | Denial of Service (DoS) and potential unspecified Vulnerability in MELSEC-F Series Ethernet interface block |
||
7.5 |
ICSA-22-013-01 ICSA-22-013-07 |
|||
release:2021/12/16 | GX Works2 | Denial-of-Service (DoS) Vulnerability in GX Works2 |
||
5.3 | ICSA-21-350-04 |
|||
release:2021/12/16 | MELSEC Series | Multiple Denial of Service (DoS) Vulnerabilities in TCP/IP Protocol Stack of MELSEC Series Remote I/O |
||
7.5 | ICSA-21-217-01 |
|||
update: 2021/12/16 release:2020/11/19 |
MELSEC iQ-R Series | Denial-of-Service Vulnerability in MELSEC iQ-R Series Ethernet Port |
<Update history:December 16, 2021> <Update history:September 14, 2021> <Update history:May 18, 2021> |
|
7.5 | ICSA-20-324-05 |
|||
release:2021/11/16 | GOT2000 series,GOT SIMPLE series and GT SoftGOT2000 | Information Tampering Vulnerability in GOT2000 series,GOT SIMPLE series and GT SoftGOT2000 |
||
7.5 | ICSA-21-320-02 |
|||
update: 2021/11/25 release:2021/10/21 |
GENESIS64 and MC Works64 | Arbitrary code execution vulnerablity in AutoCAD (DWG) file import function of GENESIS64 and MC Works64 |
<Update history:November 25, 2021> |
|
7.8 | ICSA-21-294-01 |
|||
release:2021/10/12 | GENESIS64 and MC Works64 | Denial of Service (DoS) Vulnerability in OPC UA communication function of GENESIS64 and MC Works64 |
||
7.5 | ICSA-21-294-03 |
|||
release:2021/08/05 | MELSEC iQ-R Series | Denial-of-Service Vulnerability in MELSEC iQ-R Series CPU Module |
||
3.7 | ICSA-21-250-01 |
|||
release:2021/07/27 | GOT | Denial-of-Service (DoS) Vulnerability in MODBUS/TCP slave communication function on GOT |
||
5.9 | ICSA-21-208-02 |
|||
update: 2021/07/27 release:2021/04/22 |
GOT | Password authentication bypass vulnerability in VNC function of GOT |
<Update history:July 27, 2021> |
|
5.9 | ICSA-21-112-02 |
|||
release:2021/07/20 | MELSEC-F Series | Denial of Service (DoS) Vulnerability in MELSEC-F Series Ethernet interface block |
||
7.5 | ICSA-21-201-01 |
|||
update:2021/06/17 release:2021/02/16 |
MELSOFT FieldDeviceConfigurator | Arbitrary code execution vulnerability in MELSOFT FieldDeviceConfigurator product |
<Update history:June 17, 2021> |
|
7.3 | ICSA-21-021-05 |
|||
update: 2021/06/14 release:2020/06/18 |
MC Works 64 and MC Works 32 | Denial of Service vulnerability and Remote Code Execution vulnerability in MC Works 64 and MC Works 32 |
<Update history:June 14, 2021> <Update history:January 14, 2021> <Update history:December 8, 2020> <Update history:September 9, 2020> |
|
7.5 - 9.8 | ICSA-20-170-02 |
|||
release:2021/05/27 | MELSEC iQ-R Series | Denial-of-Service Vulnerability in MELSOFT Transmission Port (TCP/IP) |
||
5.3 | ICSA-21-147-05 |
|||
update: 2021/05/18 release:2021/01/21 |
MELFA FR,CR Series and ASSISTA | Denial-of-Service Vulnerability in Robot Controller of MELFA FR Series and CR Series as well as ASSISTA |
<Update history:May 18, 2021> |
|
7.5 | ICSA-21-021-04 |
|||
update: 2021/05/18 release:2020/10/08 |
MELSEC iQ-R Series | Denial-of-Service Vulnerability in MELSEC iQ-R Series Ethernet Port |
<Update history:May 18, 2021> <Update history:February 18, 2021> <Update history:October 26, 2020> |
|
8.6 | ICSA-20-282-02 |
|||
update: 2021/04/20 release:2020/06/09 |
MELSEC iQ-R Series | Denial-of-Service Vulnerability in MELSEC iQ-R Series Ethernet Port |
<Update history:April 20, 2021> <Update history:November 5, 2020> |
|
5.3 | ICSA-20-161-02 |
|||
release:2020/12/10 | MELSEC iQ-F Series | Denial-of-Service Vulnerability in Ethernet Port on CPU Module of MELSEC iQ-F Series |
||
7.4 | ICSA-20-345-01 |
|||
release:2020/11/12 | MELSEC iQ-R Series | Denial-of-Service Vulnerability in MELSEC iQ-R Series CPU Modules |
||
6.8 | ICSA-20-317-01 |
|||
release:2020/11/05 | GOT1000 Series | Multiple vulnerabilities in TCP/IP Stack on GT14 Model of GOT1000 Series |
||
5.3 - 9.8 | ICSA-20-310-02 |
|||
release:2020/10/29 | MELSEC iQ-R Series | Multiple Vulnerabilities in TCP/IP stack on MELSEC iQ-R Series Information/Network Module |
||
5.3 - 9.8 | ICSA-20-303-02 |
|||
release:2020/07/03 | GOT2000 Series | Multiple vulnerabilities in TCP/IP Stack on GOT2000 Series |
||
5.3 - 9.8 | ICSA-20-189-02 |
|||
release:2020/06/30 | FA Engineering Software Products | Multiple Vulnerabilities Due to Improper Handling of XML in Multiple FA Engineering Software Products |
||
7.5 | ICSA-20-182-02 |
|||
release:2020/06/23 | MELSEC iQ-R, iQ-F, Q, L and FX series | Vulnerability of Information Disclosure, Information Tampering, Unauthorized Operation and Denial-of-Service (DoS) between MELSEC iQ-R, iQ-F, Q, L and FX series CPU modules and GX Works3/GX Works2 |
||
10.0 | ICSA-20-175-01 |
|||
release:2020/03/30 | MELSOFT | Remote Access Vulnerability in MELSOFT Transmission Port (UDP/IP) |
||
5.3 | ICSA-20-091-02 |
|||
release:2020/02/14 | MELSEC-Q Series C Controller Module, MELSEC iQ-R Series C Controller Module / C Intelligent Function Module, MELIPC Series MI5000 |
Multiple vulnerabilities in TCP/IP function on MELSEC C Controller Module and MELIPC Series MI5000 |
||
5.3 - 9.8 | JVNVU#95424547 |
|||
release:2019/11/07 | MELSEC-Q Series, MELSEC-L Series | Vulnerability of FTP server function on MELSEC Q/L Series CPU modules |
||
7.5 | ICSA-19-311-01 |
|||
release:2019/05/21 | MELSEC-Q Series |
Technical News |
||
7.5 | ICSA-19-141-02 |
|||
release:2016/12/01 | MELSEC-Q Series |
Technical News FA-A-0230: Vulnerabilities of MELSEC-Q series Ethernet interface modules |
||
8.6 | ICSA-16-336-03 |