Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-2061
HistoryJun 02, 2023 - 5:15 a.m.

CVE-2023-2061

2023-06-0205:15:10
CWE-798
CWE-259
[email protected]
web.nvd.nist.gov
26
cve-2023-2061
hard-coded password
ftp
mitsubishi electric
melsec iq-r series
melsec iq-f series
ethernet/ip
rj71eip91
fx5-enet/ip

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.2%

JSON

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP.

Affected configurations

NVD
Node
mitsubishielectricfx5-enet\/ip_firmwareMatch-
AND
mitsubishielectricfx5-enet\/ipMatch-
Node
mitsubishielectricsw1dnn-eipct-bd_firmwareMatch-
AND
mitsubishielectricsw1dnn-eipct-bdMatch-
Node
mitsubishielectricrj71eip91_firmwareMatch-
AND
mitsubishielectricrj71eip91Match-
Node
mitsubishielectricsw1dnn-eipctfx5-bd_firmwareMatch-
AND
mitsubishielectricsw1dnn-eipctfx5-bdMatch-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R Series EtherNet/IP module RJ71EIP91",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

Related

nessus 1
cvelist 1
nvd 1
prion 1
ics 1
nessus
nessus
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Use of Hard-Coded Credentials (CVE-2023-2061)
2023-06-30 00:00:00
cvelist
cvelist
CVE-2023-2061 Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
2023-06-02 04:03:36
nvd
nvd
CVE-2023-2061
2023-06-02 05:15:10
prion
prion
Hardcoded credentials
2023-06-02 05:15:00
ics
ics
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update A)
2024-04-25 12:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.2%

JSON
Related for CVE-2023-2061
nessus1cvelist1nvd1prion1ics1