Vulnerability Description
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Fx5Uc-32Mr\/Ds-Ts Firmware | All versions |
| Mitsubishielectric | Fx5Uc-32Mr\/Ds-Ts | - |
| Mitsubishielectric | Fx5Uc-32Mt\/D Firmware | All versions |
| Mitsubishielectric | Fx5Uc-32Mt\/D | - |
| Mitsubishielectric | Fx5Uc-32Mt\/Dss Firmware | All versions |
| Mitsubishielectric | Fx5Uc-32Mt\/Dss | - |
| Mitsubishielectric | Fx5Uc-32Mt\/Dss-Ts Firmware | All versions |
| Mitsubishielectric | Fx5Uc-32Mt\/Dss-Ts | - |
| Mitsubishielectric | Fx5Uc-32Mt\/Ds-Ts Firmware | All versions |
| Mitsubishielectric | Fx5Uc-32Mt\/Ds-Ts | - |
| Mitsubishielectric | Fx5Uc-64Mt\/D Firmware | All versions |
| Mitsubishielectric | Fx5Uc-64Mt\/D | - |
| Mitsubishielectric | Fx5Uc-64Mt\/Dss Firmware | All versions |
| Mitsubishielectric | Fx5Uc-64Mt\/Dss | - |
| Mitsubishielectric | Fx5Uc-96Mt\/D Firmware | All versions |
| Mitsubishielectric | Fx5Uc-96Mt\/D | - |
| Mitsubishielectric | Fx5Uc-96Mt\/Dss Firmware | All versions |
| Mitsubishielectric | Fx5Uc-96Mt\/Dss | - |
| Mitsubishielectric | Fx5Uj-24Mr\/Es Firmware | All versions |
| Mitsubishielectric | Fx5Uj-24Mr\/Es | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU93891523/index.htmlThird Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01MitigationThird Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdfVendor Advisory
- https://jvn.jp/vu/JVNVU93891523/index.htmlThird Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01MitigationThird Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdfVendor Advisory
FAQ
What is CVE-2023-0457?
CVE-2023-0457 is a vulnerability with a CVSS score of 7.5 (HIGH). Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to...
How severe is CVE-2023-0457?
CVE-2023-0457 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0457?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Fx5Uc-32Mr\/Ds-Ts Firmware, Mitsubishielectric Fx5Uc-32Mr\/Ds-Ts, Mitsubishielectric Fx5Uc-32Mt\/D Firmware, Mitsubishielectric Fx5Uc-32Mt\/D, Mitsubishielectric Fx5Uc-32Mt\/Dss Firmware.