Lucene search

[email protected]NVD:CVE-2023-2060

HistoryJun 02, 2023 - 5:15 a.m.

CVE-2023-2060

2023-06-0205:15:09

CWE-521

[email protected]

web.nvd.nist.gov

cve-2023-2060

weak password requirements

ftp function

mitsubishi electric

melsec iq-r series

melsec iq-f series

ethernet/ip module

remote attacker

unauthenticated

dictionary attack

password sniffing

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

68.0%

JSON

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing.

Affected configurations

NVD

Node

mitsubishielectricfx5-enet\/ipMatch-

AND

mitsubishielectricfx5-enet\/ip_firmwareMatch-

Node

mitsubishielectricsw1dnn-eipct-bdMatch-

AND

mitsubishielectricsw1dnn-eipct-bd_firmwareMatch-

Node

mitsubishielectricrj71eip91Match-

AND

mitsubishielectricrj71eip91_firmwareMatch-

Node

mitsubishielectricsw1dnn-eipctfx5-bdMatch-

AND

mitsubishielectricsw1dnn-eipctfx5-bd_firmwareMatch-

References

jvn.jp/vu/JVNVU92908006

www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for NVD:CVE-2023-2060

prion1 nessus1 cve1 cvelist1 ics1