Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU82713
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-4699
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient verification of data authenticity. A remote attacker can reset the memory of the products to factory default state and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsMELSEC-F FX3U: All versions
MELSEC-F FX3U-32MR/UA1: All versions
MELSEC-F FX3U-64MS/ES: All versions
MELSEC-F FX3UC: All versions
MELSEC-F FX3UC-16MR/D-T: All versions
MELSEC-F FX3UC-16MR/DS-T: All versions
MELSEC-F FX3UC-32MT-LT: All versions
MELSEC-F FX3UC-32MT-LT-2: All versions
MELSEC-F FX3UC-16MT/D-P4: All versions
MELSEC-F FX3UC-16MT/DSS-P4: All versions
MELSEC-F FX3G: All versions
MELSEC-F FX3GC-32MT/D: All versions
MELSEC-F FX3GC-32MT/DSS: All versions
MELSEC-F FX3GE: All versions
MELSEC-F FX3GA: All versions
MELSEC-F FX3S: All versions
MELSEC-F FX3S-30My/z-2AD: All versions
MELSEC-F FX3SA-xMy-CM: All versions
MELSEC iQ-F FX5U: All versions
MELSEC iQ-F FX5UC: All versions
MELSEC iQ-F FX5UC-32MT/DS-TS: All versions
MELSEC iQ-F FX5UC-32MT/DSS-TS: All versions
MELSEC iQ-F FX5UC-32MR/DS-TS: All versions
MELSEC iQ-F FX5UJ: All versions
MELSEC iQ-F FX5S: All versions
MELSEC-F FX3U-64MR/UA1: All versions
MELSEC-F FX3U-32MS/ES: All versions
External linkshttp://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-013_en.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.