Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module
CVE-2023-4562
9.1CRITICAL
Key Information:
- Status
- Vendor
- CVE Published:
- 13 October 2023
Summary
An improper authentication vulnerability exists in Mitsubishi Electric Corporation's MELSEC-F Series main modules, allowing a remote attacker to exploit the system. This vulnerability can enable unauthorized individuals to extract sequence programs from the device or inject malicious sequence programs and incorrect data. The exploitation occurs through the transmission of illegitimate messages, bypassing authentication mechanisms entirely, thereby posing a significant risk to industrial control systems.
Affected Version(s)
MELSEC-F Series FX3G-14MR/DS all versions
MELSEC-F Series FX3G-14MR/ES all versions
MELSEC-F Series FX3G-14MR/ES-A all versions
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved