Weak Password Encoding in Mitsubishi Electric GOT2000 and GOT SIMPLE Series
CVE-2023-0525

7.5HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Got2000 Series Gt27 Model
Got2000 Series Gt25 Model
Got2000 Series Gt23 Model
Got2000 Series Gt21 Model
Vendor
CVE Published:
4 August 2023

What is CVE-2023-0525?

The vulnerability in Mitsubishi Electric's GOT2000 and GOT SIMPLE Series enables remote unauthenticated attackers to exploit weak encoding practices for passwords. By intercepting and decrypting packets that contain encrypted passwords, attackers can gain access to plaintext credentials during data transfers, especially when security functions are enabled. This highlights the critical need for robust password management and secure data transmission measures to protect sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GOT SIMPLE Series GS21 model 01.49.000 and prior

GOT SIMPLE Series GS25 model 01.49.000 and prior

GOT2000 Series GT21 model 01.49.000 and prior

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
https://jvn.jp/vu/JVNVU95285923/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-23-2...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.