Aggregates CVE and security vulnerability intelligence across all Mitsubishi Electric-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk memory corruption and related problems; some flaws may lead to vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-1876 | Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery. | [email protected] | 8.7 | 0.43% | 2026-03-03 | 2026-06-17 |
| CVE-2026-1875 | Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery. | [email protected] | 8.7 | 0.43% | 2026-03-03 | 2026-06-17 |
| CVE-2026-1874 | Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery. | [email protected] | 8.7 | 0.42% | 2026-03-03 | 2026-06-17 |
| CVE-2021-47884 | OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges. | [email protected] | 8.5 | 0.13% | 2026-01-21 | 2026-06-17 |
| CVE-2024-7587 | Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions | [email protected] | 7.8 | 0.19% | 2024-10-22 | 2026-06-17 |
| CVE-2024-26314 | Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code. | [email protected] | 7.8 | 0.23% | 2024-07-02 | 2026-06-17 |
| CVE-2024-25088 | Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code. | [email protected] | 7.8 | 0.18% | 2024-07-02 | 2026-06-17 |
| CVE-2024-25087 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error. | [email protected] | 5.5 | 0.25% | 2024-07-02 | 2026-06-17 |
| CVE-2024-25086 | Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. | [email protected] | 7.8 | 0.34% | 2024-07-02 | 2026-06-17 |
| CVE-2024-22106 | Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS). | [email protected] | 7.8 | 0.18% | 2024-07-02 | 2026-06-17 |
| CVE-2024-22105 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error. | [email protected] | 5.5 | 0.20% | 2024-07-02 | 2026-06-17 |
| CVE-2024-22104 | Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). | [email protected] | 5.5 | 0.23% | 2024-07-02 | 2026-06-17 |
| CVE-2024-22103 | Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). | [email protected] | 5.5 | 0.23% | 2024-07-02 | 2026-06-17 |
| CVE-2024-22102 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error. | [email protected] | 5.5 | 0.20% | 2024-07-02 | 2026-06-17 |
| CVE-2023-51778 | Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). | [email protected] | 5.5 | 0.21% | 2024-07-02 | 2026-06-17 |
| CVE-2023-51777 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error. | [email protected] | 5.5 | 0.20% | 2024-07-02 | 2026-06-17 |
| CVE-2023-51776 | Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code. | [email protected] | 7.8 | 0.19% | 2024-07-02 | 2026-06-17 |
| CVE-2023-6815 | Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. | [email protected] | 6.5 | 0.70% | 2024-02-13 | 2026-06-17 |
| CVE-2023-6943 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all v | [email protected] | 9.8 | 1.84% | 2024-01-30 | 2026-06-17 |
| CVE-2023-6942 | Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticate | [email protected] | 7.5 | 0.95% | 2024-01-30 | 2026-06-17 |