HIGH🇬🇧 English

CVE-2021-20594

CVSS 7.5v3.1pub. 2021-08-06upd. 2024-11-21

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Mitsubishielectric R08psfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R08psfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R08sfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R08sfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R120psfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R120psfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R120sfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R120sfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R16psfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R16psfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R16sfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R16sfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R32psfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R32psfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R32sfcpu

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric R32sfcpu Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2021-20599CRITICAL9.1ten sam produkt

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability i...

CVE-2021-20597CRITICAL9.1ten sam produkt

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU module...

CVE-2021-20591HIGH7.5ten sam produkt

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/...

CVE-2020-16850HIGH7.5ten sam produkt

Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial p...

CVE-2020-5668HIGH7.5ten sam produkt

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '...

CVE-2021-20594 — HIGH 7.5 | CVEbaza.pl