Lucene search

[email protected]NVD:CVE-2023-2063

HistoryJun 02, 2023 - 5:15 a.m.

CVE-2023-2063

2023-06-0205:15:10

CWE-434

[email protected]

web.nvd.nist.gov

mitsubishi electric

ftp

file upload vulnerability

information disclosure

tampering

exploitation

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.0%

JSON

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks.

Affected configurations

NVD

Node

mitsubishielectricfx5-enet\/ip_firmwareMatch-

AND

mitsubishielectricfx5-enet\/ipMatch-

Node

mitsubishielectricsw1dnn-eipct-bd_firmwareMatch-

AND

mitsubishielectricsw1dnn-eipct-bdMatch-

Node

mitsubishielectricrj71eip91_firmwareMatch-

AND

mitsubishielectricrj71eip91Match-

Node

mitsubishielectricsw1dnn-eipctfx5-bd_firmwareMatch-

AND

mitsubishielectricsw1dnn-eipctfx5-bdMatch-

References

jvn.jp/vu/JVNVU92908006

www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.0%

JSON

Related for NVD:CVE-2023-2063

cvelist1 cve1 prion1 nessus1 ics1