CVE-2023-6942

CVSS 7.5 HIGHEPSS 0.9%CWE-306

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Produtos afetados

Mitsubishi Electric Corporation · EZSocket Mitsubishi Electric Corporation · GT Designer3 Version1(GOT1000)Mitsubishi Electric Corporation · GT Designer3 Version1(GOT2000)Mitsubishi Electric Corporation · GX Works2 Mitsubishi Electric Corporation · GX Works3 Mitsubishi Electric Corporation · MELSOFT Navigator Mitsubishi Electric Corporation · MT Works2 Mitsubishi Electric Corporation · MX Component Mitsubishi Electric Corporation · MX OPC Server DA/UA

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://jvn.jp/vu/JVNVU95103362 https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf