Multiple vulnerabilities in Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series, EtherNet/IP Modules and EtherNet/IP
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2023-2060 CVE-2023-2061 CVE-2023-2062 CVE-2023-2063 |
| CWE-ID | CWE-521 CWE-259 CWE-549 CWE-434 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
RJ71EIP91 Hardware solutions / Routers & switches, VoIP, GSM, etc SW1DNN-EIPCT-BD Hardware solutions / Routers & switches, VoIP, GSM, etc FX5-ENET/IP Hardware solutions / Routers & switches, VoIP, GSM, etc SW1DNN-EIPCTFX5-BD Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Mitsubishi Electric |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Weak password requirements
EUVDB-ID: #VU77046
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-2060
CWE-ID:
CWE-521 - Weak Password Requirements
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to weak password requirements in FTP function on EtherNet/IP module. A remote attacker can access to the module via FTP by dictionary attack or password sniffing.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRJ71EIP91: All versions
SW1DNN-EIPCT-BD: All versions
FX5-ENET/IP: All versions
SW1DNN-EIPCTFX5-BD: All versions
External linkshttp://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf
http://jvn.jp/vu/JVNVU92908006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of Hard-coded Password
EUVDB-ID: #VU77047
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-2061
CWE-ID:
CWE-259 - Use of Hard-coded Password
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use a hard-coded password within the FTP function on EtherNet/IP module. A remote attacker can obtain a hard-coded password and access to the module.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRJ71EIP91: All versions
SW1DNN-EIPCT-BD: All versions
FX5-ENET/IP: All versions
SW1DNN-EIPCTFX5-BD: All versions
External linkshttp://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf
http://jvn.jp/vu/JVNVU92908006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Missing Password Field Masking
EUVDB-ID: #VU77049
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-2062
CWE-ID:
CWE-549 - Missing Password Field Masking
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to missing password field masking in the EtherNet/IP configuration tool. A remote attacker can gain access to unmasked passwords.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRJ71EIP91: All versions
SW1DNN-EIPCT-BD: All versions
FX5-ENET/IP: All versions
SW1DNN-EIPCTFX5-BD: All versions
External linkshttp://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf
http://jvn.jp/vu/JVNVU92908006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Arbitrary file upload
EUVDB-ID: #VU77050
Risk: Medium
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-2063
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload in the FTP function on EtherNet/IP module. A remote user can upload a malicious file and execute it on the server.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRJ71EIP91: All versions
SW1DNN-EIPCT-BD: All versions
FX5-ENET/IP: All versions
SW1DNN-EIPCTFX5-BD: All versions
External linkshttp://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf
http://jvn.jp/vu/JVNVU92908006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
