CVE-2023-0525

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.

Vulnerabilidad Weak Encoding for Password en Mitsubishi Electric Corporation GOT2000 Series modelo GT27 versiones 01.49.000 y anteriores, modelo GT25 versiones 01.49.000 y anteriores, modelo GT23 versiones 01.49.000 y anteriores, modelo GT21 versiones 01.49.000 y anteriores, serie GOT SIMPLE modelo GS25 versiones 01.49.000 y anteriores, modelo GS21 versiones 01.49.000 y anteriores, GT Designer3 Version1 (GOT2000) versiones 1.295H y anteriores, y GT SoftGOT2000 versiones 1.295H y anteriores, permite a un atacante remoto no autenticado obtener contraseñas en texto plano al espiar paquetes que contienen contraseñas cifradas y descifrar las contraseñas cifradas. Esto ocurre en el caso de la transferencia de datos con GT Designer3 Version1 (GOT2000) y GOT2000 Series o GOT SIMPLE Series con la función de Seguridad de Transferencia de Datos habilitada, o en el caso de la transferencia de datos mediante la función de enlace SoftGOT-GOT con GT SoftGOT2000 y GOT2000 series con la función de Seguridad de Transferencia de Datos habilitada.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-01-27 CVE Reserved
2023-08-03 CVE Published
2024-09-04 EPSS Updated
2024-10-18 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-261: Weak Encoding for Password
CWE-326: Inadequate Encryption Strength

CAPEC

References (3)

URL	Tag	Source
https://jvn.jp/vu/JVNVU95285923/index.html	Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-008_en.pdf	2023-08-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mitsubishielectric Search vendor "Mitsubishielectric"	Gt27 Firmware Search vendor "Mitsubishielectric" for product "Gt27 Firmware"	< 01.50.000 Search vendor "Mitsubishielectric" for product "Gt27 Firmware" and version " < 01.50.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gt27 Search vendor "Mitsubishielectric" for product "Gt27"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gt25 Firmware Search vendor "Mitsubishielectric" for product "Gt25 Firmware"	< 01.50.000 Search vendor "Mitsubishielectric" for product "Gt25 Firmware" and version " < 01.50.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gt25 Search vendor "Mitsubishielectric" for product "Gt25"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gt23 Firmware Search vendor "Mitsubishielectric" for product "Gt23 Firmware"	< 01.50.000 Search vendor "Mitsubishielectric" for product "Gt23 Firmware" and version " < 01.50.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gt23 Search vendor "Mitsubishielectric" for product "Gt23"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gt21 Firmware Search vendor "Mitsubishielectric" for product "Gt21 Firmware"	< 01.50.000 Search vendor "Mitsubishielectric" for product "Gt21 Firmware" and version " < 01.50.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gt21 Search vendor "Mitsubishielectric" for product "Gt21"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gs25 Firmware Search vendor "Mitsubishielectric" for product "Gs25 Firmware"	< 01.50.000 Search vendor "Mitsubishielectric" for product "Gs25 Firmware" and version " < 01.50.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gs25 Search vendor "Mitsubishielectric" for product "Gs25"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"	Gs21 Firmware Search vendor "Mitsubishielectric" for product "Gs21 Firmware"	< 01.50.000 Search vendor "Mitsubishielectric" for product "Gs21 Firmware" and version " < 01.50.000"	-	Affected	in	Mitsubishielectric Search vendor "Mitsubishielectric"	Gs21 Search vendor "Mitsubishielectric" for product "Gs21"	-	-	Safe
Mitsubishielectric Search vendor "Mitsubishielectric"		Gt Designer3 Search vendor "Mitsubishielectric" for product "Gt Designer3"				< 1.300n Search vendor "Mitsubishielectric" for product "Gt Designer3" and version " < 1.300n"		-		Affected
Mitsubishielectric Search vendor "Mitsubishielectric"		Gt Softgot2000 Search vendor "Mitsubishielectric" for product "Gt Softgot2000"				< 1.300n Search vendor "Mitsubishielectric" for product "Gt Softgot2000" and version " < 1.300n"		-		Affected