Lucene search

[email protected]NVD:CVE-2023-1618

HistoryMay 19, 2023 - 5:15 a.m.

CVE-2023-1618

2023-05-1905:15:20

CWE-1188

CWE-489

[email protected]

web.nvd.nist.gov

mitsubishi electric

melsec

active debug code

vulnerability

remote unauthenticated attacker

bypass authentication

illegal login

telnet

hidden function

factory default

unauthorized login

module reset

configuration disclosure

firmware rewrite

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module’s configuration or rewrite the firmware.

Affected configurations

NVD

Node

mitsubishielectricmelsec_ws0-geth00200Match-

AND

mitsubishielectricmelsec_ws0-geth00200_firmware

References

jvn.jp/vu/JVNVU96063959

www.cisa.gov/news-events/ics-advisories/icsa-23-138-02

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-002_en.pdf

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

Related for NVD:CVE-2023-1618

cvelist1 nessus1 ics1 cve1 prion1