CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6374
https://notcve.org/view.php?id=CVE-2023-6374
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules. Vulnerabilidad de omisión de autenticación mediante Capture-replay en Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200, todos los números de serie permite a un atacante remoto no autenticado omitir la autenticación mediante un ataque de Capture-replay e iniciar sesión ilegalmente en el módulo afectado. Como resultado, el atacante remoto que ha iniciado sesión ilegalmente puede revelar o alterar los programas y parámetros de los módulos. • https://jvn.jp/vu/JVNVU99497477 https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-03 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-019_en.pdf • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1618 – Authentication Bypass Vulnerability in MELSEC WS Series Ethernet Interface Module
https://notcve.org/view.php?id=CVE-2023-1618
Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware. • https://jvn.jp/vu/JVNVU96063959 https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-02 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-002_en.pdf • CWE-489: Active Debug Code CWE-1188: Initialization of a Resource with an Insecure Default •