Main Vulnerability Database SB2023120514

SB2023120514 - Remote code execution in Mitsubishi Electric FA Engineering Software Products

Published: December 5, 2023

Security Bulletin ID SB2023120514

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) External Control of File Name or Path (CVE-ID: CVE-2023-5247)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to external control of file name or path. A remote attacker can trick a victim to open a specially crafted project file and execute arbitrary code on the target system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-016_en.pdf
https://jvn.jp/vu/JVNVU93383160/
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-04

SB2023120514 - Remote code execution in Mitsubishi Electric FA Engineering Software Products

Breakdown by Severity

Description

Remediation

References

Please verify you're human