GCVE - cpe:2.3:a:iconics:mobilehmi:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:iconics:mobilehmi:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Iconics (`85d629b2-b3cd-51d8-82ee-a6f1113acb88`)
Product	Mobilehmi (`bb6c2538-3faa-53cf-b672-812940431760`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-23128`	vulnerable	2026-06-03 14:46:26.536374	Details available Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products. Published: 2022-01-21T18:17:33.000Z Updated: 2024-08-03T03:36:19.863Z Open on db.gcve.eu Reference links https://jvn.jp/vu/JVNVU95403720/index.html https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-026_en.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-23127`	vulnerable	2026-06-03 14:46:26.530752	Details available Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL. Published: 2022-01-21T18:17:32.000Z Updated: 2024-08-03T03:36:20.098Z Open on db.gcve.eu Reference links https://jvn.jp/vu/JVNVU95403720/index.html https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-025_en.pdf https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.