Main Vulnerability Database Vulnerabilities #VU85930

#VU85930 Authentication Bypass by Capture-replay in WS0-GETH00200 - CVE-2023-6374

Published: January 31, 2024

Vulnerability identifier: #VU85930

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-6374

CWE-ID: CWE-294

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
WS0-GETH00200

Software vendor:
Mitsubishi Electric

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to authentication bypass by capture-replay. A remote attacker can disclose or tamper with the programs and parameters in the modules.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-019_en.pdf
https://jvn.jp/vu/JVNVU99497477
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-03

#VU85930 Authentication Bypass by Capture-replay in WS0-GETH00200 - CVE-2023-6374

Description

Remediation

External links

Please verify you're human