Skip to main content

Melsoft Navigator

7 CVEs product

Monthly

CVE-2023-5247 HIGH This Week

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Gx Works3 Melsoft Iq Appportal Melsoft Navigator +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-20607 MEDIUM PATCH This Month

Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure Ezsocket Gx Works2 Melsoft Navigator
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-20606 MEDIUM PATCH This Month

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Ezsocket Gx Works2 Melsoft Navigator
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-20588 CRITICAL Act Now

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C Controller Module Setting And Monitoring Tool Cpu Module Logging Configuration Tool Cw Configurator Data Transfer +37
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2021-20587 CRITICAL Act Now

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow C Controller Module Setting And Monitoring Tool Cpu Module Logging Configuration Tool Cw Configurator +38
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-5603 HIGH This Week

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cpu Module Logging Configuration Tool Cw Configurator Em Configurator Gt Designer3 +16
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5602 HIGH This Week

Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cpu Module Logging Configuration Tool Cw Configurator Em Configurator Gt Designer3 +16
NVD
CVSS 3.1
7.5
EPSS
1.4%
EPSS 0% CVSS 7.8
HIGH This Week

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Gx Works3 +3
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure Ezsocket +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Ezsocket +2
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C Controller Module Setting And Monitoring Tool Cpu Module Logging Configuration Tool +39
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow C Controller Module Setting And Monitoring Tool +40
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cpu Module Logging Configuration Tool Cw Configurator +18
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cpu Module Logging Configuration Tool Cw Configurator +18
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy