All the vulnerabilites related to Mitsubishi Electric Corporation - EZSocket
cve-2023-6943
Vulnerability from cvelistv5
Published
2024-01-30 09:09
Modified
2024-11-01 08:36
Severity ?
EPSS score ?
Summary
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.
References
▼ | URL | Tags |
---|---|---|
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf | vendor-advisory | |
https://jvn.jp/vu/JVNVU95103362 | government-resource | |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 | government-resource |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mitsubishi Electric Corporation | EZSocket |
Version: 3.0 and later |
||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.552Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf" }, { "tags": [ "government-resource", "x_transferred" ], "url": "https://jvn.jp/vu/JVNVU95103362" }, { "tags": [ "government-resource", "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EZSocket", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "3.0 and later" } ] }, { "defaultStatus": "unaffected", "product": "GT Designer3 Version1(GOT1000)", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "GT Designer3 Version1(GOT2000)", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "GX Works2", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "1.11M and later" } ] }, { "defaultStatus": "unaffected", "product": "GX Works3", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "1.106L and prior" } ] }, { "defaultStatus": "unaffected", "product": "MELSOFT Navigator", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "1.04E and later" } ] }, { "defaultStatus": "unaffected", "product": "MT Works2", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "MX Component", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "4.00A and later" } ] }, { "defaultStatus": "unaffected", "product": "MX OPC Server DA/UA", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products." } ], "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Remote Code Execution" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-470", "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T08:36:32.008Z", "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf" }, { "tags": [ "government-resource" ], "url": "https://jvn.jp/vu/JVNVU95103362" }, { "tags": [ "government-resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "assignerShortName": "Mitsubishi", "cveId": "CVE-2023-6943", "datePublished": "2024-01-30T09:09:29.248Z", "dateReserved": "2023-12-19T08:00:07.140Z", "dateUpdated": "2024-11-01T08:36:32.008Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4088
Vulnerability from cvelistv5
Published
2023-09-20 02:26
Modified
2024-09-24 18:27
Severity ?
EPSS score ?
Summary
Malicious Code Execution Vulnerability in FA Engineering Software Products
References
▼ | URL | Tags |
---|---|---|
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf | vendor-advisory | |
https://jvn.jp/vu/JVNVU96447193/index.html | government-resource | |
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03 | government-resource |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:12.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf" }, { "tags": [ "government-resource", "x_transferred" ], "url": "https://jvn.jp/vu/JVNVU96447193/index.html" }, { "tags": [ "government-resource", "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-4088", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T18:27:00.307770Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T18:27:11.655Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GX Works3", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "AL-PCS/WIN-E", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "CPU Module Logging Configuration Tool", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "EZSocket", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "FR Configurator2", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "FX Configurator-EN", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "FX Configurator-EN-L", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "FX Configurator-FP", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "GT Designer3 Version1(GOT1000)", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "GT Designer3 Version1(GOT2000)", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "GT SoftGOT1000 Version3", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "GT SoftGOT2000 Version1", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "GX LogViewer", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "GX Works2", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "MELSOFT FieldDeviceConfigurator", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "MELSOFT iQ AppPortal", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "MELSOFT MaiLab", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "MELSOFT Navigator", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "MELSOFT Update Manager", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "MX Component", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "MX Sheet", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "PX Developer", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "RT ToolBox3", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "RT VisualBox", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "Data Transfer", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "Data Transfer Classic", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder." } ], "value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Malicious Code Execution" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-04T09:16:28.950Z", "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf" }, { "tags": [ "government-resource" ], "url": "https://jvn.jp/vu/JVNVU96447193/index.html" }, { "tags": [ "government-resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03" } ], "source": { "discovery": "UNKNOWN" }, "title": "Malicious Code Execution Vulnerability in FA Engineering Software Products", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "assignerShortName": "Mitsubishi", "cveId": "CVE-2023-4088", "datePublished": "2023-09-20T02:26:43.901Z", "dateReserved": "2023-08-02T04:52:49.923Z", "dateUpdated": "2024-09-24T18:27:11.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6942
Vulnerability from cvelistv5
Published
2024-01-30 09:06
Modified
2024-11-01 08:35
Severity ?
EPSS score ?
Summary
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.
References
▼ | URL | Tags |
---|---|---|
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf | vendor-advisory | |
https://jvn.jp/vu/JVNVU95103362 | government-resource | |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 | government-resource |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mitsubishi Electric Corporation | EZSocket |
Version: 3.0 and later |
||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf" }, { "tags": [ "government-resource", "x_transferred" ], "url": "https://jvn.jp/vu/JVNVU95103362" }, { "tags": [ "government-resource", "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EZSocket", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "3.0 and later" } ] }, { "defaultStatus": "unaffected", "product": "GT Designer3 Version1(GOT1000)", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "GT Designer3 Version1(GOT2000)", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "GX Works2", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "1.11M and later" } ] }, { "defaultStatus": "unaffected", "product": "GX Works3", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "1.106L and prior" } ] }, { "defaultStatus": "unaffected", "product": "MELSOFT Navigator", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "1.04E and later" } ] }, { "defaultStatus": "unaffected", "product": "MT Works2", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "defaultStatus": "unaffected", "product": "MX Component", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "4.00A and later" } ] }, { "defaultStatus": "unaffected", "product": "MX OPC Server DA/UA", "vendor": "Mitsubishi Electric Corporation", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally." } ], "value": "Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally." } ], "impacts": [ { "capecId": "CAPEC-115", "descriptions": [ { "lang": "en", "value": "CAPEC-115 Authentication Bypass" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T08:35:48.579Z", "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf" }, { "tags": [ "government-resource" ], "url": "https://jvn.jp/vu/JVNVU95103362" }, { "tags": [ "government-resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "assignerShortName": "Mitsubishi", "cveId": "CVE-2023-6942", "datePublished": "2024-01-30T09:06:27.941Z", "dateReserved": "2023-12-19T08:00:02.751Z", "dateUpdated": "2024-11-01T08:35:48.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }