Missing Authentication for Critical Function in Mitsubishi Electric Server applications

#VU85933 Missing Authentication for Critical Function in Mitsubishi Electric Server applications

Published: 2024-01-31

Vulnerability identifier: #VU85933

Vulnerability risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-6942

CWE-ID: CWE-306

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
EZSocket
Other software / Other software solutions
FR Configurator2
Other software / Other software solutions
GT Designer3 Version1(GOT1000)
Other software / Other software solutions
GT Designer3 Version1(GOT2000)
Other software / Other software solutions
MX OPC Server DA
Other software / Other software solutions
GX Works2
Client/Desktop applications / Software for system administration
GX Works3
Client/Desktop applications / Software for system administration
MELSOFT Navigator
Client/Desktop applications / Software for system administration
MT Works2
Client/Desktop applications / Software for system administration
MX Component
Universal components / Libraries / Libraries used by multiple products
MX OPC Server UA
Server applications / SCADA systems

Vendor: Mitsubishi Electric

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to missing authentication for critical function. A remote attacker can send specially crafted packets and bypass authentication.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

EZSocket: 3.0

FR Configurator2: All versions

GT Designer3 Version1(GOT1000): All versions

GT Designer3 Version1(GOT2000): All versions

GX Works2: 1.11M

GX Works3: All versions

MELSOFT Navigator: 1.04E

MT Works2: All versions

MX Component: 4.00A

MX OPC Server DA: All versions

MX OPC Server UA: All versions

External links
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf
http://jvn.jp/vu/JVNVU95103362
http://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Mitsubishi Electric FA Engineering Software Products