Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.
References
Link | Resource |
---|---|
https://jvn.jp/vu/JVNVU95085830/index.html | Third Party Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01 | Third Party Advisory US Government Resource |
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf | Mitigation Vendor Advisory |
History
22 Oct 2024, 12:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:* |
References | () https://jvn.jp/vu/JVNVU95085830/index.html - Third Party Advisory | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01 - Third Party Advisory, US Government Resource | |
References | () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf - Mitigation, Vendor Advisory | |
Summary |
First Time | Mitsubishielectric r08sfcpu Firmware, Mitsubishielectric r16sfcpu Firmware, Mitsubishielectric r120sfcpu, Mitsubishielectric r120psfcpu Firmware, Mitsubishielectric r32psfcpu, Mitsubishielectric r08psfcpu Firmware, Mitsubishielectric r32sfcpu, Mitsubishielectric r08sfcpu, Mitsubishielectric r120psfcpu, Mitsubishielectric r16sfcpu, Mitsubishielectric, Mitsubishielectric r16psfcpu, Mitsubishielectric r120sfcpu Firmware, Mitsubishielectric r32psfcpu Firmware, Mitsubishielectric r16psfcpu Firmware, Mitsubishielectric r32sfcpu Firmware, Mitsubishielectric r08psfcpu |
14 Feb 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
13 Feb 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-13 07:15
Updated : 2024-10-22 12:58
NVD link : CVE-2023-6815
Mitre link : CVE-2023-6815
CVE.ORG link : CVE-2023-6815
Products Affected
mitsubishielectric
- r08psfcpu
- r16sfcpu
- r32psfcpu_firmware
- r32sfcpu_firmware
- r08psfcpu_firmware
- r120sfcpu
- r16psfcpu
- r120psfcpu_firmware
- r16sfcpu_firmware
- r08sfcpu
- r32psfcpu
- r16psfcpu_firmware
- r32sfcpu
- r120psfcpu
- r08sfcpu_firmware
- r120sfcpu_firmware
CWE
CWE-266
Incorrect Privilege Assignment