CVE-2023-2063 – Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
https://notcve.org/view.php?id=CVE-2023-2063
Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks. • https://jvn.jp/vu/JVNVU92908006 https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-2062 – Information Disclosure vulnerability in EtherNet/IP Configuration tools
https://notcve.org/view.php?id=CVE-2023-2062
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP. • https://jvn.jp/vu/JVNVU92908006 https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-02 • CWE-549: Missing Password Field Masking CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-2061 – Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
https://notcve.org/view.php?id=CVE-2023-2061
Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP. • https://jvn.jp/vu/JVNVU92908006 https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVE-2023-2060 – Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
https://notcve.org/view.php?id=CVE-2023-2060
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing. • https://jvn.jp/vu/JVNVU92908006 https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf • CWE-521: Weak Password Requirements •
CVE-2023-1424 – Denial-of-Service and Remote Code Execution Vulnerability in MELSEC Series CPU module
https://notcve.org/view.php?id=CVE-2023-1424
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution. • https://jvn.jp/vu/JVNVU94650413 https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •