CVE-2023-1285
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.3%
Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are “16” allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in Ethernet communication by sending a large number of specially crafted packets to any UDP port when GC-ENET-COM is configured as a Modbus TCP Server. The communication resumes only when the power of the main unit is turned off and on or when the GC-ENET-COM is hot-swapped from the main unit.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| mitsubishielectric:gc-enet-com_firmware | mitsubishielectric gc-enet-com firmware | eq | - |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "GC-ENET-COM",
"vendor": "Mitsubishi Electric India",
"versions": [
{
"status": "affected",
"version": "SN:16XXXXXXXXX"
}
]
}
]Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.3%