// For flags

CVE-2023-2062

Information Disclosure vulnerability in EtherNet/IP Configuration tools

Severity Score

6.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-04-14 CVE Reserved
  • 2023-06-02 CVE Published
  • 2024-10-31 CVE Updated
  • 2024-11-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-549: Missing Password Field Masking
  • CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mitsubishielectric
Search vendor "Mitsubishielectric"
Fx5-enet\/ip Firmware
Search vendor "Mitsubishielectric" for product "Fx5-enet\/ip Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Fx5-enet\/ip
Search vendor "Mitsubishielectric" for product "Fx5-enet\/ip"
--
Safe
Mitsubishielectric
Search vendor "Mitsubishielectric"
Sw1dnn-eipct-bd Firmware
Search vendor "Mitsubishielectric" for product "Sw1dnn-eipct-bd Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Sw1dnn-eipct-bd
Search vendor "Mitsubishielectric" for product "Sw1dnn-eipct-bd"
--
Safe
Mitsubishielectric
Search vendor "Mitsubishielectric"
Rj71eip91 Firmware
Search vendor "Mitsubishielectric" for product "Rj71eip91 Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Rj71eip91
Search vendor "Mitsubishielectric" for product "Rj71eip91"
--
Safe
Mitsubishielectric
Search vendor "Mitsubishielectric"
Sw1dnn-eipctfx5-bd Firmware
Search vendor "Mitsubishielectric" for product "Sw1dnn-eipctfx5-bd Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Sw1dnn-eipctfx5-bd
Search vendor "Mitsubishielectric" for product "Sw1dnn-eipctfx5-bd"
--
Safe