Denial-of-Service Vulnerability in GX Works2 by Mitsubishi Electric
CVE-2023-5275

4.7MEDIUM

Key Information:

Vendor
Mitsubishi Electric Corporation
Status
GX Works2
Vendor
CVE Published:
30 November 2023

Summary

An improper input validation vulnerability in the simulation function of GX Works2 allows an attacker to trigger a Denial-of-Service (DoS) condition. This is achieved by sending specially crafted packets. Notably, the attacker must originate these packets from the same personal computer where the GX Works2 function is operational, thus limiting the attack's scope to local environments.

Affected Version(s)

GX Works2 all versions

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU98760962/index.html
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-3...
government-resource

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.