fkie_nvd - fkie_cve-2023-6943

fkie_cve-2023-6943

Vulnerability from fkie_nvd

Published

2024-01-30 09:15

Modified

2025-02-13 08:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.

References

URL	Tags
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://jvn.jp/vu/JVNVU95103362	Third Party Advisory
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02	Third Party Advisory, US Government Resource
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU95103362	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
mitsubishielectric	ezsocket	*
mitsubishielectric	fr_configurator2	*
mitsubishielectric	got1000	*
mitsubishielectric	got2000	*
mitsubishielectric	gx_works2	*
mitsubishielectric	gx_works3	*
mitsubishielectric	mc_works64	*
mitsubishielectric	melsoft_navigator	*
mitsubishielectric	mt_works2	*
mitsubishielectric	mx_component	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6096E48-9ECD-48FF-9F5E-D182E42D41C9",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CED78B28-BBBF-4869-BC1C-F0789867FB4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:got1000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C31EFBDE-DE71-46F3-97A1-CABC037FC31D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:got2000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D887323-BBDD-41ED-82B8-66DE412666F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73766EB-FF3E-495E-B1C1-5D49A1569696",
              "versionStartIncluding": "1.11m",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4AEDEEE-5070-41E2-B4DC-6DE8456BC028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5790F2E-5511-46F6-94E5-F3E1A2367662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F3C096D-D510-46F4-B46A-A234CA630227",
              "versionStartIncluding": "1.04e",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EC0ACF4-C303-4EC0-A755-1F9AE4152DDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "407781DB-9AF9-4E3A-BF24-1787ADB33F42",
              "versionStartIncluding": "4.00a",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso de entrada controlada externamente para seleccionar clases o c\u00f3digo (\"Reflexi\u00f3n insegura\") en Mitsubishi Electric Corporation EZSocket versiones 3.0 y posteriores, FR Configurator2 todas las versiones, GT Designer3 Versi\u00f3n1(GOT1000) todas las versiones, GT Designer3 Versi\u00f3n1(GOT2000) todas las versiones , GX Works2 versiones 1.11M y posteriores, GX Works3 todas las versiones, MELSOFT Navigator versiones 1.04E y posteriores, MT Works2 todas las versiones, MX Component versiones 4.00A y posteriores y MX OPC Server DA/UA todas las versiones permiten que un atacante remoto no autenticado ejecute un c\u00f3digo malicioso por RPC con una ruta a una librer\u00eda maliciosa mientras est\u00e1 conectado a los productos."
    }
  ],
  "id": "CVE-2023-6943",
  "lastModified": "2025-02-13T08:15:28.253",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-30T09:15:47.960",
  "references": [
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU95103362"
    },
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02"
    },
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU95103362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf"
    }
  ],
  "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-470"
        }
      ],
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "type": "Primary"
    }
  ]
}

CVE-2023-6943 (GCVE-0-2023-6943)

Vulnerability from cvelistv5

Published

2024-01-30 09:09

Modified

2025-05-30 19:01

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Summary

References

►

URL

Tags

	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf	vendor-advisory
	https://jvn.jp/vu/JVNVU95103362	government-resource
	https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02	government-resource

Impacted products

Vendor

Product

Version

►

Mitsubishi Electric Corporation

EZSocket

Version: 3.0 to 5.92

Mitsubishi Electric Corporation	GT Designer3 Version1(GOT1000)	Version: 1.325P and prior
Mitsubishi Electric Corporation	GT Designer3 Version1(GOT2000)	Version: 1.320J and prior
Mitsubishi Electric Corporation	GX Works2	Version: 1.11M and later
Mitsubishi Electric Corporation	GX Works3	Version: 1.106L and prior
Mitsubishi Electric Corporation	MELSOFT Navigator	Version: 1.04E to 2.102G
Mitsubishi Electric Corporation	MT Works2	Version: 1.190Y and prior
Mitsubishi Electric Corporation	MX Component	Version: 4.00A to 5.007H
Mitsubishi Electric Corporation	MX OPC Server DA/UA	Version: all versions

Show details on NVD website