Denial-of-Service Vulnerability in GX Works2 by Mitsubishi Electric
CVE-2023-5274

4.7MEDIUM

Key Information:

Vendor
Mitsubishi Electric Corporation
Status
GX Works2
Vendor
CVE Published:
30 November 2023

Summary

An improper input validation vulnerability in the simulation function of Mitsubishi Electric's GX Works2 can lead to a denial-of-service (DoS) condition. Attackers could exploit this weakness by sending specially crafted packets. However, such attacks would require the attacker to operate from the same personal computer where the GX Works2 function is executing.

Affected Version(s)

GX Works2 all versions

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU98760962/index.html
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-3...
government-resource

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.