CVE-2023-2062 - Vulnerability Details

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mitsubishielectric	Fx5-enet\/ip Fx5-enet\/ip Firmware Rj71eip91 Rj71eip91 Firmware Sw1dnn-eipct-bd Sw1dnn-eipct-bd Firmware Sw1dnn-eipctfx5-bd Sw1dnn-eipctfx5-bd Firmware

Configuration 1 [-]

AND

cpe:2.3:o:mitsubishielectric:fx5-enet\/ip_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:fx5-enet\/ip:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishielectric:sw1dnn-eipct-bd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:sw1dnn-eipct-bd:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitsubishielectric:rj71eip91_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:rj71eip91:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mitsubishielectric:sw1dnn-eipctfx5-bd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:sw1dnn-eipctfx5-bd:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/vu/JVNVU92908006
https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-02
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf

History

Thu, 31 Oct 2024 22:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-02

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2023-06-02T04:04:28.648Z

Updated: 2024-10-31T22:37:13.620Z

Reserved: 2023-04-14T08:44:07.523Z

Link: CVE-2023-2062

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-02T05:15:10.187

Modified: 2024-11-21T07:57:51.857

Link: CVE-2023-2062

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object