Information Disclosure Vulnerability in MELSEC Series
CVE-2023-0457

7.5HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melsec Iq-f Series Fx5u-32mt/es
Melsec Iq-f Series Fx5u-64mt/es
Melsec Iq-f Series Fx5u-80mt/es
Melsec Iq-f Series Fx5u-32mr/es
Vendor
CVE Published:
3 March 2023

What is CVE-2023-0457?

A vulnerability in Mitsubishi Electric's MELSEC iQ-F, iQ-R, Q, and L Series allows attackers to access plaintext password credentials stored in project files. This risk presents a significant threat as remote, unauthenticated attackers could exploit this weakness to gain unauthorized access to FTP or web servers, potentially leading to further compromises within a network. Organizations utilizing these products should take immediate action to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MELSEC iQ-F Series FX5-ENET all versions

MELSEC iQ-F Series FX5-ENET/IP all versions

MELSEC iQ-F Series FX5S-30MR/ES all versions

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
https://jvn.jp/vu/JVNVU93891523/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-23-0...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.