Vulnerabilities > CVE-2023-6815 - Incorrect Privilege Assignment vulnerability in Mitsubishielectric products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mitsubishielectric

CWE-266

NVD

Published: 2024-02-13

Updated: 2024-10-22

Summary

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.

Vulnerable Configurations

Part	Description	Count
OS	Mitsubishielectric Mitsubishielectric R08Sfcpu Firmware * Mitsubishielectric R16Sfcpu Firmware * Mitsubishielectric R32Sfcpu Firmware * Mitsubishielectric R120Sfcpu Firmware * Mitsubishielectric R08Psfcpu Firmware * Mitsubishielectric R16Psfcpu Firmware * Mitsubishielectric R32Psfcpu Firmware * Mitsubishielectric R120Psfcpu Firmware *	8
Hardware	Mitsubishielectric Mitsubishielectric R08Sfcpu - Mitsubishielectric R16Sfcpu - Mitsubishielectric R32Sfcpu - Mitsubishielectric R120Sfcpu - Mitsubishielectric R08Psfcpu - Mitsubishielectric R16Psfcpu - Mitsubishielectric R32Psfcpu - Mitsubishielectric R120Psfcpu -	8

Common Weakness Enumeration (CWE)

CWE-266 - Incorrect Privilege Assignment

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References