Lucene search

MitsubishiVULNRICHMENT:CVE-2023-6815

HistoryFeb 13, 2024 - 6:27 a.m.

CVE-2023-6815

2024-02-1306:27:51

CWE-266

Mitsubishi

github.com

mitsubishi electric corporation

melsec iq-r series

vulnerability

disclosure

user credentials

remote attack

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.

References

jvn.jp/vu/JVNVU95085830/index.html

www.cisa.gov/news-events/ics-advisories/icsa-24-044-01

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-6815