Lucene search

[email protected]CVE-2023-2062

HistoryJun 02, 2023 - 5:15 a.m.

CVE-2023-2062

2023-06-0205:15:10

CWE-549

CWE-668

[email protected]

web.nvd.nist.gov

security

vulnerability

mitsubishi electric corporation

ethernet/ip

authentication bypass

ftp

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.2%

JSON

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.

Affected configurations

NVD

Node

mitsubishielectricfx5-enet\/ip_firmwareMatch-

AND

mitsubishielectricfx5-enet\/ipMatch-

Node

mitsubishielectricsw1dnn-eipct-bd_firmwareMatch-

AND

mitsubishielectricsw1dnn-eipct-bdMatch-

Node

mitsubishielectricrj71eip91_firmwareMatch-

AND

mitsubishielectricrj71eip91Match-

Node

mitsubishielectricsw1dnn-eipctfx5-bd_firmwareMatch-

AND

mitsubishielectricsw1dnn-eipctfx5-bdMatch-

CPENameOperatorVersion
mitsubishielectric:fx5-enet\/ip_firmwaremitsubishielectric fx5-enet/ip firmwareeq-

CPE	Name	Operator	Version
mitsubishielectric:fx5-enet\/ip_firmware	mitsubishielectric fx5-enet/ip firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EtherNet/IP Configuration tool for RJ71EIP91 SW1DNN-EIPCT-BD",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Software version \"1.01B\" and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EtherNet/IP Configuration tool for FX5-ENET/IP SW1DNN-EIPCTFX5-BD",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]