Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
CVE-2023-2063

6.3MEDIUM

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Melsec Iq-r Series Ethernet/ip Module Rj71eip91; Melsec Iq-f Series Ethernet/ip Module Fx5-enet/ip
Vendor: CVE Published:; 2 June 2023

Summary

A vulnerability has been identified in the FTP function of Mitsubishi Electric's EtherNet/IP modules, specifically the MELSEC iQ-R Series RJ71EIP91 and MELSEC iQ-F Series FX5-ENET/IP. This issue enables a remote unauthenticated attacker to upload files of potentially harmful types, leading to severe consequences including unauthorized information disclosure, data manipulation, and even the deletion or destruction of critical files. The nature of this vulnerability poses significant risks, as it can be exploited to facilitate additional malicious activities.

Affected Version(s)

MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP all versions

MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 all versions

References

https://www.mitsubishielectric.co.jp/psirt/vulnerability/...

https://jvn.jp/vu/JVNVU92908006

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2023
Vulnerability Reserved
Apr 14, 2023