CVE-2023-0457

HIGH

7.5

Description

Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.

CVE Details

CVSS v3.1 Score7.5

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published3/3/2023

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

mitsubishielectric:fx5-enetmitsubishielectric:fx5-enet\/ipmitsubishielectric:fx5-enet\/ip_firmwaremitsubishielectric:fx5-enet_firmwaremitsubishielectric:fx5s-30mr\/esmitsubishielectric:fx5s-30mr\/es_firmwaremitsubishielectric:fx5s-30mt\/esmitsubishielectric:fx5s-30mt\/es_firmwaremitsubishielectric:fx5s-30mt\/essmitsubishielectric:fx5s-30mt\/ess_firmwaremitsubishielectric:fx5s-40mr\/esmitsubishielectric:fx5s-40mr\/es_firmwaremitsubishielectric:fx5s-40mt\/esmitsubishielectric:fx5s-40mt\/es_firmwaremitsubishielectric:fx5s-40mt\/essmitsubishielectric:fx5s-40mt\/ess_firmwaremitsubishielectric:fx5s-60mr\/esmitsubishielectric:fx5s-60mr\/es_firmwaremitsubishielectric:fx5s-60mt\/esmitsubishielectric:fx5s-60mt\/es_firmwaremitsubishielectric:fx5s-60mt\/essmitsubishielectric:fx5s-60mt\/ess_firmwaremitsubishielectric:fx5s-80mr\/esmitsubishielectric:fx5s-80mr\/es_firmwaremitsubishielectric:fx5s-80mt\/esmitsubishielectric:fx5s-80mt\/es_firmwaremitsubishielectric:fx5s-80mt\/essmitsubishielectric:fx5s-80mt\/ess_firmwaremitsubishielectric:fx5uc-32mr\/ds-tsmitsubishielectric:fx5uc-32mr\/ds-ts_firmwaremitsubishielectric:fx5uc-32mt\/dmitsubishielectric:fx5uc-32mt\/d_firmwaremitsubishielectric:fx5uc-32mt\/ds-tsmitsubishielectric:fx5uc-32mt\/ds-ts_firmwaremitsubishielectric:fx5uc-32mt\/dssmitsubishielectric:fx5uc-32mt\/dss-tsmitsubishielectric:fx5uc-32mt\/dss-ts_firmwaremitsubishielectric:fx5uc-32mt\/dss_firmwaremitsubishielectric:fx5uc-64mt\/dmitsubishielectric:fx5uc-64mt\/d_firmwaremitsubishielectric:fx5uc-64mt\/dssmitsubishielectric:fx5uc-64mt\/dss_firmwaremitsubishielectric:fx5uc-96mt\/dmitsubishielectric:fx5uc-96mt\/d_firmwaremitsubishielectric:fx5uc-96mt\/dssmitsubishielectric:fx5uc-96mt\/dss_firmwaremitsubishielectric:fx5uj-24mr\/esmitsubishielectric:fx5uj-24mr\/es-amitsubishielectric:fx5uj-24mr\/es-a_firmwaremitsubishielectric:fx5uj-24mr\/es_firmwaremitsubishielectric:fx5uj-24mt\/esmitsubishielectric:fx5uj-24mt\/es-amitsubishielectric:fx5uj-24mt\/es-a_firmwaremitsubishielectric:fx5uj-24mt\/es_firmwaremitsubishielectric:fx5uj-24mt\/essmitsubishielectric:fx5uj-24mt\/ess_firmwaremitsubishielectric:fx5uj-40mr\/esmitsubishielectric:fx5uj-40mr\/es-amitsubishielectric:fx5uj-40mr\/es-a_firmwaremitsubishielectric:fx5uj-40mr\/es_firmwaremitsubishielectric:fx5uj-40mt\/esmitsubishielectric:fx5uj-40mt\/es-amitsubishielectric:fx5uj-40mt\/es-a_firmwaremitsubishielectric:fx5uj-40mt\/es_firmwaremitsubishielectric:fx5uj-40mt\/essmitsubishielectric:fx5uj-40mt\/ess_firmwaremitsubishielectric:fx5uj-60mr\/esmitsubishielectric:fx5uj-60mr\/es-amitsubishielectric:fx5uj-60mr\/es-a_firmwaremitsubishielectric:fx5uj-60mr\/es_firmwaremitsubishielectric:fx5uj-60mt\/esmitsubishielectric:fx5uj-60mt\/es-amitsubishielectric:fx5uj-60mt\/es-a_firmwaremitsubishielectric:fx5uj-60mt\/es_firmwaremitsubishielectric:fx5uj-60mt\/essmitsubishielectric:fx5uj-60mt\/ess_firmware

Weaknesses (CWE)

CWE-256CWE-522

References

https://jvn.jp/vu/JVNVU93891523/index.html(Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01(Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp)

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf(Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp)

https://jvn.jp/vu/JVNVU93891523/index.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01(af854a3a-2127-422b-91ae-364da2661108)

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.