Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.
References
Link | Resource |
---|---|
https://jvn.jp/vu/JVNVU95103362 | Third Party Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 | Third Party Advisory US Government Resource |
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Feb 2024, 16:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://jvn.jp/vu/JVNVU95103362 - Third Party Advisory | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 - Third Party Advisory, US Government Resource | |
References | () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf - Vendor Advisory | |
CPE | cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:got1000:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:got2000:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:* |
|
First Time |
Mitsubishielectric got1000
Mitsubishielectric Mitsubishielectric gx Works2 Mitsubishielectric melsoft Navigator Mitsubishielectric gx Works3 Mitsubishielectric mx Component Mitsubishielectric fr Configurator2 Mitsubishielectric mt Works2 Mitsubishielectric ezsocket Mitsubishielectric mc Works64 Mitsubishielectric got2000 |
31 Jan 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jan 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-30 09:15
Updated : 2024-02-08 16:42
NVD link : CVE-2023-6942
Mitre link : CVE-2023-6942
CVE.ORG link : CVE-2023-6942
JSON object : View
Products Affected
mitsubishielectric
- ezsocket
- fr_configurator2
- gx_works3
- melsoft_navigator
- mx_component
- gx_works2
- mc_works64
- mt_works2
- got2000
- got1000
CWE
CWE-306
Missing Authentication for Critical Function