Vulnerabilities > CVE-2023-2062 - Exposure of Resource to Wrong Sphere vulnerability in Mitsubishielectric products

CVSS 6.2 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

mitsubishielectric

CWE-668

NVD

Published: 2023-06-02

Updated: 2024-10-31

Summary

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.

Vulnerable Configurations

Part	Description	Count
OS	Mitsubishielectric Mitsubishielectric FX5 Enet/Ip Firmware - Mitsubishielectric Sw1Dnn Eipct BD Firmware - Mitsubishielectric Rj71Eip91 Firmware - Mitsubishielectric Sw1Dnn Eipctfx5 BD Firmware -	4
Hardware	Mitsubishielectric Mitsubishielectric FX5 Enet/Ip - Mitsubishielectric Sw1Dnn Eipct BD - Mitsubishielectric Rj71Eip91 - Mitsubishielectric Sw1Dnn Eipctfx5 BD -	4

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References