Lucene search

[email protected]CVE-2023-5275

HistoryNov 30, 2023 - 5:15 a.m.

CVE-2023-5275

2023-11-3005:15:10

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-5275

improper input validation

gx works2

dos

simulation function

nvd

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

4.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.3%

JSON

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.

Affected configurations

NVD

Node

mitsubishielectricgx_works2

CPENameOperatorVersion
mitsubishielectric:gx_works2mitsubishielectric gx works2eq*

CPE	Name	Operator	Version
mitsubishielectric:gx_works2	mitsubishielectric gx works2	eq	*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "simulation function"
    ],
    "product": "GX Works2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU98760962/index.html

www.cisa.gov/news-events/ics-advisories/icsa-23-331-03

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

4.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2023-5275

prion1 cvelist1 nvd1 ics1