Lucene search

MitsubishiCVELIST:CVE-2023-5274

HistoryNov 21, 2023 - 3:46 a.m.

CVE-2023-5274

2023-11-2103:46:45

CWE-20

Mitsubishi

www.cve.org

improper input validation

gx works2

dos

simulation function

denial-of-service

specially crafted packets

personal computer

CVSS3

2.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

Confidence

High

EPSS

Percentile

5.3%

JSON

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "simulation function"
    ],
    "product": "GX Works2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU98760962/index.html

www.cisa.gov/news-events/ics-advisories/icsa-23-331-03

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf

CVSS3

2.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

Confidence

High

EPSS

Percentile

5.3%

JSON

Related for CVELIST:CVE-2023-5274