CVE-2023-6943

🗓️ 30 Jan 2024 09:09:29Reported by MitsubishiType

Vulnerability in Mitsubishi Electric products allows remote code execution via unsafe reflection.

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerabilities of Mitsubishi Electric’s software products, including EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, and MX OPC Server DA/UA (software included with MC Works64), are related to the use of external control inputs for class selection. This allows a malicious individual to execute arbitrary code.	31 Jan 202400:00	–	bdu_fstec
Circl	CVE-2023-6943	30 Jan 202410:31	–	circl
CNNVD	Various Mitsubishi Electric products Security breach	30 Jan 202400:00	–	cnnvd
Cvelist	CVE-2023-6943	30 Jan 202409:09	–	cvelist
EUVD	EUVD-2023-59140	3 Oct 202520:07	–	euvd
ICS	Mitsubishi Electric FA Engineering Software Products (Update D)	30 Jan 202407:00	–	ics
NVD	CVE-2023-6943	30 Jan 202409:15	–	nvd
OSV	CVE-2023-6943	30 Jan 202409:15	–	osv
Prion	Code injection	30 Jan 202409:15	–	prion
Positive Technologies	PT-2024-1401 · Mitsubishi · Mx +8	30 Jan 202400:00	–	ptsecurity

NVD

Node

mitsubishielectric ezsocketRange3.0≥

mitsubishielectric fr_configurator2

mitsubishielectric got1000

mitsubishielectric got2000

mitsubishielectric gx_works2Range1.11m≥

mitsubishielectric gx_works3

mitsubishielectric mc_works64

mitsubishielectric melsoft_navigatorRange1.04e≥

mitsubishielectric mt_works2

mitsubishielectric mx_componentRange4.00a≥

[
  {
    "defaultStatus": "unaffected",
    "product": "EZSocket",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "3.0 to 5.92"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GT Designer3 Version1(GOT1000)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.325P and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GT Designer3 Version1(GOT2000)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.320J and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Works2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.11M to 1.626C"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Works3",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.106L and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSOFT Navigator",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.04E to 2.102G"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MT Works2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.190Y and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MX Component",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "4.00A to 5.007H"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MX OPC Server DA/UA",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-030-02
jvn	www.jvn.jp/vu/JVNVU95103362
mitsubishielectric	www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf

17 Jun 2026 06:51Current

9.3High risk

Vulners AI Score9.3

CVSS 3.19.8

EPSS0.01844

SSVC

CWE-470