CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
31.1%
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.
Vendor | Product | Version | CPE |
---|---|---|---|
mitsubishielectric | fx5-enet\/ip_firmware | - | cpe:2.3:o:mitsubishielectric:fx5-enet\/ip_firmware:-:*:*:*:*:*:*:* |
mitsubishielectric | fx5-enet\/ip | - | cpe:2.3:h:mitsubishielectric:fx5-enet\/ip:-:*:*:*:*:*:*:* |
mitsubishielectric | sw1dnn-eipct-bd_firmware | - | cpe:2.3:o:mitsubishielectric:sw1dnn-eipct-bd_firmware:-:*:*:*:*:*:*:* |
mitsubishielectric | sw1dnn-eipct-bd | - | cpe:2.3:h:mitsubishielectric:sw1dnn-eipct-bd:-:*:*:*:*:*:*:* |
mitsubishielectric | rj71eip91_firmware | - | cpe:2.3:o:mitsubishielectric:rj71eip91_firmware:-:*:*:*:*:*:*:* |
mitsubishielectric | rj71eip91 | - | cpe:2.3:h:mitsubishielectric:rj71eip91:-:*:*:*:*:*:*:* |
mitsubishielectric | sw1dnn-eipctfx5-bd_firmware | - | cpe:2.3:o:mitsubishielectric:sw1dnn-eipctfx5-bd_firmware:-:*:*:*:*:*:*:* |
mitsubishielectric | sw1dnn-eipctfx5-bd | - | cpe:2.3:h:mitsubishielectric:sw1dnn-eipctfx5-bd:-:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
31.1%