Lucene search

MitsubishiCVELIST:CVE-2023-2063

HistoryJun 02, 2023 - 4:05 a.m.

CVE-2023-2063 Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules

2023-06-0204:05:38

CWE-434

Mitsubishi

www.cve.org

information disclosure

tampering

deletion

destruction

ftp function

mitsubishi electric corporation

remote attack

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

49.7%

JSON

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-R Series EtherNet/IP module RJ71EIP91",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU92908006

www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf