CVE-2023-6942

🗓️ 30 Jan 2024 09:06:27Reported by MitsubishiType

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-6942	30 Jan 202410:31	–	circl
CNNVD	Mitsubishi Electric Various Products Access Control Error Vulnerability	30 Jan 202400:00	–	cnnvd
Cvelist	CVE-2023-6942	30 Jan 202409:06	–	cvelist
EUVD	EUVD-2023-59139	3 Oct 202520:07	–	euvd
ICS	Mitsubishi Electric FA Engineering Software Products (Update D)	30 Jan 202407:00	–	ics
NVD	CVE-2023-6942	30 Jan 202409:15	–	nvd
Prion	Authentication flaw	30 Jan 202409:15	–	prion
Positive Technologies	PT-2024-1480 · Mitsubishi · Gx Works3 +8	30 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-6942	13 Feb 202509:20	–	redhatcve
Vulnrichment	CVE-2023-6942	30 Jan 202409:06	–	vulnrichment

NVD

Node

mitsubishielectric ezsocketRange3.0≥

mitsubishielectric fr_configurator2

mitsubishielectric got1000

mitsubishielectric got2000

mitsubishielectric gx_works2Range1.11m≥

mitsubishielectric gx_works3

mitsubishielectric mc_works64

mitsubishielectric melsoft_navigatorRange1.04e≥

mitsubishielectric mt_works2

mitsubishielectric mx_componentRange4.00a≥

[
  {
    "defaultStatus": "unaffected",
    "product": "EZSocket",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "3.0 to 5.92"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GT Designer3 Version1(GOT1000)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.325P and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GT Designer3 Version1(GOT2000)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.320J and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Works2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.11M to 1.626C"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Works3",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.106L and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSOFT Navigator",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.04E to 2.102G"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MT Works2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.190Y and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MX Component",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "4.00A to 5.007H"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MX OPC Server DA/UA",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

Source	Link
mitsubishielectric	www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf
jvn	www.jvn.jp/vu/JVNVU95103362
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-030-02

19 Sep 2025 03:15Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.5

EPSS0.00444

SSVC

CWE-306