Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
CVE-2023-2061
6.2MEDIUM
Key Information:
- Status
- Vendor
- CVE Published:
- 2 June 2023
What is CVE-2023-2061?
The vulnerability involves a hard-coded password within the FTP function of specific Ethernet/IP modules from Mitsubishi Electric. This security flaw allows unauthorized remote attackers to exploit the system by gaining access via FTP, thereby exposing the server to potential malicious activities. It is crucial for users of the MELSEC iQ-R and iQ-F Series EtherNet/IP modules to address this vulnerability promptly by following best practices for network security and implementing available patches.
Affected Version(s)
MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP all versions
MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 all versions