CVE-2023-6942

CVSS 7.5 HIGHEPSS 0.9%CWE-306

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

30 Jan 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Mitsubishi Electric Corporation · EZSocket Mitsubishi Electric Corporation · GT Designer3 Version1(GOT1000)Mitsubishi Electric Corporation · GT Designer3 Version1(GOT2000)Mitsubishi Electric Corporation · GX Works2 Mitsubishi Electric Corporation · GX Works3 Mitsubishi Electric Corporation · MELSOFT Navigator Mitsubishi Electric Corporation · MT Works2 Mitsubishi Electric Corporation · MX Component Mitsubishi Electric Corporation · MX OPC Server DA/UA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/vu/JVNVU95103362 https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf