CVE-2023-0525

EPSS 0.31%
Veröffentlicht 04.08.2023 00:15:10
Zuletzt bearbeitet 21.11.2024 07:37:20
Quelle Mitsubishielectric.Psirt@yd.Mi
CVE-Watchlists
Login
Unerledigt
Login

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mitsubishielectric ≫ Gt Designer3 Version < 1.300n

Mitsubishielectric ≫ Gt Softgot2000 Version < 1.300n

Mitsubishielectric ≫ Gt27 Firmware Version < 01.50.000

Mitsubishielectric ≫ Gt27 Version-

Mitsubishielectric ≫ Gt25 Firmware Version < 01.50.000

Mitsubishielectric ≫ Gt25 Version-

Mitsubishielectric ≫ Gt23 Firmware Version < 01.50.000

Mitsubishielectric ≫ Gt23 Version-

Mitsubishielectric ≫ Gt21 Firmware Version < 01.50.000

Mitsubishielectric ≫ Gt21 Version-

Mitsubishielectric ≫ Gs25 Firmware Version < 01.50.000

Mitsubishielectric ≫ Gs25 Version-

Mitsubishielectric ≫ Gs21 Firmware Version < 01.50.000

Mitsubishielectric ≫ Gs21 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.54

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-261 Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password.

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://jvn.jp/vu/JVNVU95285923/index.html

Third Party Advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02

Third Party Advisory

US Government Resource

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-008_en.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0525

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0525

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0525

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-0525