Lucene search

[email protected]CVE-2023-6374

HistoryJan 30, 2024 - 9:15 a.m.

CVE-2023-6374

2024-01-3009:15:47

CWE-294

[email protected]

web.nvd.nist.gov

cve-2023-6374

authentication bypass

mitsubishi electric

melsec ws series

ws0-geth00200

capture-replay

vulnerability

remote

unauthenticated

disclosure

tampering

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules.

Affected configurations

NVD

Node

mitsubishielectricmelsec_ws0-geth00200Match-

AND

mitsubishielectricmelsec_ws0-geth00200_firmwareMatch-

CPENameOperatorVersion
mitsubishielectric:melsec_ws0-geth00200_firmwaremitsubishielectric melsec ws0-geth00200 firmwareeq-

CPE	Name	Operator	Version
mitsubishielectric:melsec_ws0-geth00200_firmware	mitsubishielectric melsec ws0-geth00200 firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC WS Series WS0-GETH00200",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "All serial numbers"
      }
    ]
  }
]