Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module
CVE-2023-4562

9.1CRITICAL

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melsec-f Series Fx3u-16mt/es
Melsec-f Series Fx3u-32mt/es
Melsec-f Series Fx3u-48mt/es
Melsec-f Series Fx3u-64mt/es
Vendor
CVE Published:
13 October 2023

What is CVE-2023-4562?

An improper authentication vulnerability exists in Mitsubishi Electric Corporation's MELSEC-F Series main modules, allowing a remote attacker to exploit the system. This vulnerability can enable unauthorized individuals to extract sequence programs from the device or inject malicious sequence programs and incorrect data. The exploitation occurs through the transmission of illegitimate messages, bypassing authentication mechanisms entirely, thereby posing a significant risk to industrial control systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MELSEC-F Series FX3G-14MR/DS all versions

MELSEC-F Series FX3G-14MR/ES all versions

MELSEC-F Series FX3G-14MR/ES-A all versions

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU90509290/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-2...
government-resource

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.