Lucene search

[email protected]CVE-2023-6943

HistoryJan 30, 2024 - 9:15 a.m.

CVE-2023-6943

2024-01-3009:15:47

CWE-470

[email protected]

web.nvd.nist.gov

cve

vulnerability

mitsubishi electric corporation

ezsocket

fr configurator2

gt designer3

gx works2

gx works3

melsoft navigator

mt works2

mx component

mx opc server

rpc

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’) vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.

Affected configurations

NVD

Node

mitsubishielectricezsocketRange3.0≥

mitsubishielectricfr_configurator2

mitsubishielectricgot1000

mitsubishielectricgot2000

mitsubishielectricgx_works2Range1.11m≥

mitsubishielectricgx_works3

mitsubishielectricmc_works64

mitsubishielectricmelsoft_navigatorRange1.04e≥

mitsubishielectricmt_works2

mitsubishielectricmx_componentRange4.00a≥

CPENameOperatorVersion
mitsubishielectric:ezsocketmitsubishielectric ezsocketeq*
mitsubishielectric:fr_configurator2mitsubishielectric fr configurator2eq*
mitsubishielectric:got1000mitsubishielectric got1000eq*
mitsubishielectric:got2000mitsubishielectric got2000eq*
mitsubishielectric:gx_works2mitsubishielectric gx works2eq*
mitsubishielectric:gx_works3mitsubishielectric gx works3eq*
mitsubishielectric:mc_works64mitsubishielectric mc works64eq*
mitsubishielectric:melsoft_navigatormitsubishielectric melsoft navigatoreq*
mitsubishielectric:mt_works2mitsubishielectric mt works2eq*
mitsubishielectric:mx_componentmitsubishielectric mx componenteq*

CPE	Name	Operator	Version
mitsubishielectric:ezsocket	mitsubishielectric ezsocket	eq	*
mitsubishielectric:fr_configurator2	mitsubishielectric fr configurator2	eq	*
mitsubishielectric:got1000	mitsubishielectric got1000	eq	*
mitsubishielectric:got2000	mitsubishielectric got2000	eq	*
mitsubishielectric:gx_works2	mitsubishielectric gx works2	eq	*
mitsubishielectric:gx_works3	mitsubishielectric gx works3	eq	*
mitsubishielectric:mc_works64	mitsubishielectric mc works64	eq	*
mitsubishielectric:melsoft_navigator	mitsubishielectric melsoft navigator	eq	*
mitsubishielectric:mt_works2	mitsubishielectric mt works2	eq	*
mitsubishielectric:mx_component	mitsubishielectric mx component	eq	*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EZSocket",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "3.0 and later"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "FR Configurator2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GT Designer3 Version1(GOT1000)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GT Designer3 Version1(GOT2000)",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Works2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.11M and later"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GX Works3",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSOFT Navigator",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.04E and later"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MT Works2",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MX Component",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "4.00A and later"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MX OPC Server DA/UA",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU95103362

www.cisa.gov/news-events/ics-advisories/icsa-24-030-02

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for CVE-2023-6943

nvd1 prion1 cvelist1 ics1