How severe is CVE-2023-2062?

CVE-2023-2062 has a CVSS v3 score of 6.2 (MEDIUM).

CVE-2023-2062

6.2MEDIUM

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know

Published: 6/2/2023Updated: 11/21/2024

Description

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.

AI AnalysisPowered by AI

Affected Products

mitsubishielectricfx5-enet\/ip_firmware

mitsubishielectricfx5-enet\/ip

mitsubishielectricsw1dnn-eipct-bd_firmware

mitsubishielectricsw1dnn-eipct-bd

mitsubishielectricrj71eip91_firmware

mitsubishielectricrj71eip91

mitsubishielectricsw1dnn-eipctfx5-bd_firmware

mitsubishielectricsw1dnn-eipctfx5-bd

References

https://jvn.jp/vu/JVNVU92908006
Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-02
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf
Vendor Advisory
https://jvn.jp/vu/JVNVU92908006
Third Party Advisory
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf
Vendor Advisory