// For flags

CVE-2023-6374

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules.

Vulnerabilidad de omisión de autenticación mediante Capture-replay en Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200, todos los números de serie permite a un atacante remoto no autenticado omitir la autenticación mediante un ataque de Capture-replay e iniciar sesión ilegalmente en el módulo afectado. Como resultado, el atacante remoto que ha iniciado sesión ilegalmente puede revelar o alterar los programas y parámetros de los módulos.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-11-29 CVE Reserved
  • 2024-01-30 CVE Published
  • 2024-02-08 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-294: Authentication Bypass by Capture-replay
CAPEC
  • CAPEC-115: Authentication Bypass
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Ws0-geth00200 Firmware
Search vendor "Mitsubishielectric" for product "Melsec Ws0-geth00200 Firmware"
--
Affected
in Mitsubishielectric
Search vendor "Mitsubishielectric"
Melsec Ws0-geth00200
Search vendor "Mitsubishielectric" for product "Melsec Ws0-geth00200"
--
Safe