cbcvebase.

Mitsubishielectric Mc Works64 vulnerabilities

13 known vulnerabilities affecting mitsubishielectric/mc_works64.

Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH5MEDIUM3LOW1

Vulnerabilities

Page 1 of 1
CVE-2022-33318P1CRITICALCVSS 9.8≤ 10.95.210.012022-07-20
CVE-2022-33318 [CRITICAL] CWE-502 CVE-2022-33318: Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 1 Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi
nvd
CVE-2022-23128P2CRITICALCVSS 9.8≥ 10.95.201.23, ≤ 10.95.210.012022-01-21
CVE-2022-23128 [CRITICAL] CVE-2022-23128: Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated
nvd
CVE-2020-12013P2CRITICALCVSS 9.1≤ 10.95.208.312020-07-16
CVE-2020-12013 [CRITICAL] CWE-94 CVE-2020-12013: A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary S A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server
nvd
CVE-2022-33319P3CRITICALCVSS 9.1≤ 10.95.210.012022-07-20
CVE-2022-33319 [CRITICAL] CWE-125 CVE-2022-33319: Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubi Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENES
nvd
CVE-2022-33320P3HIGHCVSS 7.8≤ 10.95.210.012022-07-20
CVE-2022-33320 [HIGH] CWE-502 CVE-2022-33320: Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 1 Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, and Mitsubishi
nvd
CVE-2022-33316P3HIGHCVSS 7.8≤ 10.95.210.012022-07-20
CVE-2022-33316 [HIGH] CWE-502 CVE-2022-33316: Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 1 Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, and Mitsubishi
nvd
CVE-2022-33315P3HIGHCVSS 7.8≤ 10.95.210.012022-07-20
CVE-2022-33315 [HIGH] CWE-502 CVE-2022-33315: Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 1 Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, and Mitsubishi
nvd
CVE-2022-33317P3HIGHCVSS 7.8≤ 10.95.210.012022-07-20
CVE-2022-33317 [HIGH] CWE-829 CVE-2022-33317: Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mitsubishi Electric GENESI Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to
nvd
CVE-2021-27041P3HIGHCVSS 7.8≤ 4.04e2021-06-25
CVE-2021-27041 [HIGH] CWE-787 CVE-2021-27041: A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG fi A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code
nvd
CVE-2022-23127P4MEDIUMCVSS 6.1fixed in 10.95.210.012022-01-21
CVE-2022-23127 [MEDIUM] CWE-79 CVE-2022-23127: Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) a Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a
nvd
CVE-2022-23129P4MEDIUMCVSS 5.5fixed in 10.95.210.012022-01-21
CVE-2022-23129 [MEDIUM] CWE-312 CVE-2022-23129: Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.9 Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database lin
nvd
CVE-2022-23130P4MEDIUMCVSS 5.5≥ 10.95.201.23, ≤ 10.95.210.012022-01-21
CVE-2022-23130 [MEDIUM] CWE-126 CVE-2022-23130: Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite ver
nvd
CVE-2021-27040P4LOWCVSS 3.3≤ 4.04e2021-06-25
CVE-2021-27040 [LOW] CWE-125 CVE-2021-27040: A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DW A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.
nvd
Mitsubishielectric Mc Works64 vulnerabilities | cvebase