Description
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash.
Details
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| fx5uc-32mr\/ds-ts-firmware | — | — |
| fx5uc-32mt\/d-firmware | — | — |
| fx5uc-32mt\/ds-ts-firmware | — | — |
| fx5uc-32mt\/dss-firmware | — | — |
| fx5uc-32mt\/dss-ts-firmware | — | — |
| fx5uc-firmware | — | — |
| fx5uj-24mr\/es-firmware | — | — |
| fx5uj-24mt\/es-firmware | — | — |
| fx5uj-24mt\/ess-firmware | — | — |
| fx5uj-40mr\/es-firmware | — | — |
| fx5uj-40mt\/es-firmware | — | — |
| fx5uj-40mt\/ess-firmware | — | — |
| fx5uj-60mr\/es-firmware | — | — |
| fx5uj-60mt\/es-firmware | — | — |
| fx5uj-60mt\/ess-firmware | — | — |
| fx5uj-firmware | — | — |
References
Site Security Check
Concerned your site may already be targeted?
BotEraser analyzes incoming traffic patterns and helps identify bot behavior consistent with known exploit attempts.
Check My Site Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.