Unsafe Reflection Vulnerability in Mitsubishi Electric EZSocket and GT Designer Products
CVE-2023-6943

9.8 CRITICAL

Summary

A vulnerability in products from Mitsubishi Electric Corporation allows an unauthenticated remote attacker to exploit an unsafe reflection mechanism. The vulnerability arises because externally controlled input is used to select the code to load, so an attacker can execute malicious code through RPC by providing a path to a malicious library. Affected products include EZSocket versions 3.0 and above, the GT Designer series, and several versions of GX Works and MELSOFT Navigator. Organizations using these products should prioritize applying the necessary patches and implementing security measures to mitigate the risk.

Affected Version(s)

EZSocket 3.0 to 5.92

GT Designer3 Version1(GOT1000) 1.325P and prior

GT Designer3 Version1(GOT2000) 1.320J and prior

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
