// For flags

CVE-2023-6942

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.

Autenticación faltante para vulnerabilidad de función crítica en Mitsubishi Electric Corporation EZSocket versiones 3.0 y posteriores, FR Configurator2 todas las versiones, GT Designer3 Versión1(GOT1000) todas las versiones, GT Designer3 Versión1(GOT2000) todas las versiones, GX Works2 versiones 1.11M y posteriores, GX Works3 todas versiones, MELSOFT Navigator versiones 1.04E y posteriores, MT Works2 todas las versiones, MX Component versiones 4.00A y posteriores y MX OPC Server DA/UA todas las versiones permiten a un atacante remoto no autenticado eludir la autenticación enviando paquetes especialmente manipulados y conectándose a los productos ilegalmente.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-12-19 CVE Reserved
  • 2024-01-30 CVE Published
  • 2024-02-09 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-306: Missing Authentication for Critical Function
CAPEC
  • CAPEC-115: Authentication Bypass
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mitsubishielectric
Search vendor "Mitsubishielectric"
 Ezsocket
Search vendor "Mitsubishielectric" for product "Ezsocket"
 >= 3.0
Search vendor "Mitsubishielectric" for product "Ezsocket" and version " >= 3.0"
-
Affected
Mitsubishielectric
Search vendor "Mitsubishielectric"
 Fr Configurator2
Search vendor "Mitsubishielectric" for product "Fr Configurator2"
*-
Affected
Mitsubishielectric
Search vendor "Mitsubishielectric"
 Got1000
Search vendor "Mitsubishielectric" for product "Got1000"
*-
Affected
Mitsubishielectric
Search vendor "Mitsubishielectric"
 Got2000
Search vendor "Mitsubishielectric" for product "Got2000"
*-
Affected
Mitsubishielectric
Search vendor "Mitsubishielectric"
 Gx Works2
Search vendor "Mitsubishielectric" for product "Gx Works2"
 >= 1.11m
Search vendor "Mitsubishielectric" for product "Gx Works2" and version " >= 1.11m"
-
Affected
Mitsubishielectric
Search vendor "Mitsubishielectric"
 Gx Works3
Search vendor "Mitsubishielectric" for product "Gx Works3"
*-
Affected
Mitsubishielectric
Search vendor "Mitsubishielectric"
 Mc Works64
Search vendor "Mitsubishielectric" for product "Mc Works64"
*-
Affected
Mitsubishielectric
Search vendor "Mitsubishielectric"
 Melsoft Navigator
Search vendor "Mitsubishielectric" for product "Melsoft Navigator"
 >= 1.04e
Search vendor "Mitsubishielectric" for product "Melsoft Navigator" and version " >= 1.04e"
-
Affected
Mitsubishielectric
Search vendor "Mitsubishielectric"
 Mt Works2
Search vendor "Mitsubishielectric" for product "Mt Works2"
*-
Affected
Mitsubishielectric
Search vendor "Mitsubishielectric"
 Mx Component
Search vendor "Mitsubishielectric" for product "Mx Component"
 >= 4.00a
Search vendor "Mitsubishielectric" for product "Mx Component" and version " >= 4.00a"
-
Affected