01Dgu0

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric Corporation multiple FA engineering software products (affected versions not specified) GX Works3 (affected versions not specified) **Description** The issue is related to incorrect default permissions, allowing a malicious local attacker to execute malicious code. This can result in information disclosure, tampering, deletion, or a denial-of-service (DoS) condition, especially if the product is installed in a non-default folder. The exploitation of this issue may also lead to arbitrary code execution or cause a denial-of-service condition. **Recommendations** For Mitsubishi Electric Corporation multiple FA engineering software products, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For GX Works3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Supcon InPlant SCADA up to 20230901 **Description** A problematic vulnerability was found in the Supcon InPlant SCADA system, related to insufficient computational effort in password hash when loading project files. This could allow an attacker to gain unauthorized access to protected information. The vulnerability is associated with an unknown functionality of the file Project.xml and requires local access to exploit. The complexity of an attack is rather high, and the exploitation appears to be difficult. **Recommendations** For Supcon InPlant SCADA up to 20230901, consider restricting access to the Project.xml file until a patch is available. As a temporary workaround, avoid using the affected functionality related to password hash computation in the Project.xml file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MITSUBSHI CNC Series (affected versions not specified) **Description** The issue is related to a Buffer Copy without Checking Size of Input, also known as a 'Classic Buffer Overflow'. This allows a remote unauthenticated attacker to cause a Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. System reset is required for recovery. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.