Information Disclosure Vulnerability in MELSEC Series
CVE-2023-0457

7.5HIGH

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Melsec Iq-f Series Fx5u-32mt/es; Melsec Iq-f Series Fx5u-64mt/es; Melsec Iq-f Series Fx5u-80mt/es; Melsec Iq-f Series Fx5u-32mr/es
Vendor: CVE Published:; 3 March 2023

Summary

A vulnerability in Mitsubishi Electric's MELSEC iQ-F, iQ-R, Q, and L Series allows attackers to access plaintext password credentials stored in project files. This risk presents a significant threat as remote, unauthenticated attackers could exploit this weakness to gain unauthorized access to FTP or web servers, potentially leading to further compromises within a network. Organizations utilizing these products should take immediate action to mitigate the risks associated with this vulnerability.

Affected Version(s)

MELSEC iQ-F Series FX5-ENET all versions

MELSEC iQ-F Series FX5-ENET/IP all versions

MELSEC iQ-F Series FX5S-30MR/ES all versions

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...

https://jvn.jp/vu/JVNVU93891523/index.html

https://www.cisa.gov/news-events/ics-advisories/icsa-23-0...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 3, 2023
Vulnerability Reserved
Jan 24, 2023