7.5
CVE-2023-6942
- EPSS 0.95%
- Veröffentlicht 30.01.2024 09:15:47
- Zuletzt bearbeitet 19.09.2025 03:15:33
- Quelle Mitsubishielectric.Psirt@yd.Mi
- CVE-Watchlists
- Unerledigt
LoginMissing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mitsubishielectric ≫ Ezsocket Version >= 3.0
Mitsubishielectric ≫ Gx Works2 Version >= 1.11m
Mitsubishielectric ≫ Melsoft Navigator Version >= 1.04e
Mitsubishielectric ≫ Mx Component Version >= 4.00a
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.95% | 0.565 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://jvn.jp/vu/JVNVU95103362
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf