Lucene search

MitsubishiCVELIST:CVE-2023-6374

HistoryJan 30, 2024 - 9:00 a.m.

CVE-2023-6374

2024-01-3009:00:14

CWE-294

Mitsubishi

www.cve.org

cve-2023-6374

authentication bypass

capture-replay

mitsubishi electric corporation

melsec ws series

remote unauthenticated attacker

illegally login

program disclosure

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

42.2%

JSON

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC WS Series WS0-GETH00200",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "All serial numbers"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU99497477

www.cisa.gov/news-events/ics-advisories/icsa-24-030-03

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-019_en.pdf

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

42.2%

JSON

Related for CVELIST:CVE-2023-6374