Unsafe reflection in Mitsubishi Electric products - CVE-2023-6943

 

Unsafe reflection in Mitsubishi Electric products - CVE-2023-6943

Published: January 31, 2024


Vulnerability identifier: #VU85936
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-6943
CWE-ID: CWE-470
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mitsubishi Electric
Affected software:
EZSocket
FR Configurator2
GT Designer3 Version1(GOT1000)
GT Designer3 Version1(GOT2000)
MX OPC Server DA
GX Works2
GX Works3
MELSOFT Navigator
MT Works2
MX Component
MX OPC Server UA

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to unsafe reflection. A remote attacker can call a function with a path to a malicious library while connected to the affected products and execute arbitrary code on the system.


How to mitigate CVE-2023-6943

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources