Vulnerability identifier: #VU85930
Vulnerability risk: Medium
CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-294
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
WS0-GETH00200
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: Mitsubishi Electric
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to authentication bypass by capture-replay. A remote attacker can disclose or tamper with the programs and parameters in the modules.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
WS0-GETH00200: All versions
External links
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-019_en.pdf
http://jvn.jp/vu/JVNVU99497477
http://www.cisa.gov/news-events/ics-advisories/icsa-24-030-03
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.