Missing Authentication for Critical Function in Mitsubishi Electric products - CVE-2023-6942

 

Missing Authentication for Critical Function in Mitsubishi Electric products - CVE-2023-6942

Published: January 31, 2024


Vulnerability identifier: #VU85933
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-6942
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mitsubishi Electric
Affected software:
EZSocket
FR Configurator2
GT Designer3 Version1(GOT1000)
GT Designer3 Version1(GOT2000)
MX OPC Server DA
GX Works2
GX Works3
MELSOFT Navigator
MT Works2
MX Component
MX OPC Server UA

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to missing authentication for critical function. A remote attacker can send specially crafted packets and bypass authentication.


How to mitigate CVE-2023-6942

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources