Unsafe reflection in Mitsubishi Electric Server applications

#VU85936 Unsafe reflection in Mitsubishi Electric Server applications

Published: 2024-01-31

Vulnerability identifier: #VU85936

Vulnerability risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-6943

CWE-ID: CWE-470

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
EZSocket
Other software / Other software solutions
FR Configurator2
Other software / Other software solutions
GT Designer3 Version1(GOT1000)
Other software / Other software solutions
GT Designer3 Version1(GOT2000)
Other software / Other software solutions
MX OPC Server DA
Other software / Other software solutions
GX Works2
Client/Desktop applications / Software for system administration
GX Works3
Client/Desktop applications / Software for system administration
MELSOFT Navigator
Client/Desktop applications / Software for system administration
MT Works2
Client/Desktop applications / Software for system administration
MX Component
Universal components / Libraries / Libraries used by multiple products
MX OPC Server UA
Server applications / SCADA systems

Vendor: Mitsubishi Electric

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to unsafe reflection. A remote attacker can call a function with a path to a malicious library while connected to the affected products and execute arbitrary code on the system.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

EZSocket: 3.0

FR Configurator2: All versions

GT Designer3 Version1(GOT1000): All versions

GT Designer3 Version1(GOT2000): All versions

GX Works2: 1.11M

GX Works3: All versions

MELSOFT Navigator: 1.04E

MT Works2: All versions

MX Component: 4.00A

MX OPC Server DA: All versions

MX OPC Server UA: All versions

External links
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf
http://jvn.jp/vu/JVNVU95103362
http://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Mitsubishi Electric FA Engineering Software Products