Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-2063
HistoryJun 02, 2023 - 5:15 a.m.

CVE-2023-2063

2023-06-0205:15:10
CWE-434
[email protected]
web.nvd.nist.gov
22
cve-2023-2063
unrestricted upload
ftp
mitsubishi electric
melsec
iq-r series
iq-f series
ethernet/ip
vulnerability
file upload
information disclosure
tampering
deletion
destruction

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.0%

JSON

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks.

Affected configurations

NVD
Node
mitsubishielectricfx5-enet\/ip_firmwareMatch-
AND
mitsubishielectricfx5-enet\/ipMatch-
Node
mitsubishielectricsw1dnn-eipct-bd_firmwareMatch-
AND
mitsubishielectricsw1dnn-eipct-bdMatch-
Node
mitsubishielectricrj71eip91_firmwareMatch-
AND
mitsubishielectricrj71eip91Match-
Node
mitsubishielectricsw1dnn-eipctfx5-bd_firmwareMatch-
AND
mitsubishielectricsw1dnn-eipctfx5-bdMatch-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R Series EtherNet/IP module RJ71EIP91",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
nessus 1
prion 1
ics 1
cvelist
cvelist
CVE-2023-2063 Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
2023-06-02 04:05:38
nvd
nvd
CVE-2023-2063
2023-06-02 05:15:10
nessus
nessus
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Unrestricted Upload of File with Dangerous Type (CVE-2023-2063)
2023-06-30 00:00:00
prion
prion
Design/Logic Flaw
2023-06-02 05:15:00
ics
ics
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update A)
2024-04-25 12:00:00

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.0%

JSON
Related for CVE-2023-2063
cvelist1nvd1nessus1prion1ics1