Vulnerability identifier: #VU85936
Vulnerability risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-470
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
EZSocket
Other software /
Other software solutions
FR Configurator2
Other software /
Other software solutions
GT Designer3 Version1(GOT1000)
Other software /
Other software solutions
GT Designer3 Version1(GOT2000)
Other software /
Other software solutions
MX OPC Server DA
Other software /
Other software solutions
GX Works2
Client/Desktop applications /
Software for system administration
GX Works3
Client/Desktop applications /
Software for system administration
MELSOFT Navigator
Client/Desktop applications /
Software for system administration
MT Works2
Client/Desktop applications /
Software for system administration
MX Component
Universal components / Libraries /
Libraries used by multiple products
MX OPC Server UA
Server applications /
SCADA systems
Vendor: Mitsubishi Electric
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to unsafe reflection. A remote attacker can call a function with a path to a malicious library while connected to the affected products and execute arbitrary code on the system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
EZSocket: 3.0
FR Configurator2: All versions
GT Designer3 Version1(GOT1000): All versions
GT Designer3 Version1(GOT2000): All versions
GX Works2: 1.11M
GX Works3: All versions
MELSOFT Navigator: 1.04E
MT Works2: All versions
MX Component: 4.00A
MX OPC Server DA: All versions
MX OPC Server UA: All versions
External links
http://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf
http://jvn.jp/vu/JVNVU95103362
http://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.