CVE-2023-5247
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.
La vulnerabilidad de ejecución de código malicioso debido al control externo del nombre o ruta del archivo en múltiples productos de software de ingeniería de Mitsubishi Electric FA permite a un atacante malicioso ejecutar un código malicioso haciendo que usuarios legítimos abran un archivo de proyecto especialmente manipulado, lo que podría resultar en la divulgación de información, la manipulación y eliminación o una condición de Denegación de Servicio (DoS).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-09-28 CVE Reserved
- 2023-11-30 CVE Published
- 2023-12-06 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-73: External Control of File Name or Path
- CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/vu/JVNVU93383160 | Government Resource |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-016_en.pdf | 2023-12-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitsubishielectric Search vendor "Mitsubishielectric" | Gx Works3 Search vendor "Mitsubishielectric" for product "Gx Works3" | * | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Melsoft Iq Appportal Search vendor "Mitsubishielectric" for product "Melsoft Iq Appportal" | * | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Melsoft Navigator Search vendor "Mitsubishielectric" for product "Melsoft Navigator" | * | - |
Affected
| ||||||
| Mitsubishielectric Search vendor "Mitsubishielectric" | Motion Control Setting Search vendor "Mitsubishielectric" for product "Motion Control Setting" | * | - |
Affected
| ||||||