CVE-2023-0525 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2023-0525?

CVE-2023-0525 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-0525?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Gt Designer3, Mitsubishielectric Gt Softgot2000, Mitsubishielectric Gt27 Firmware, Mitsubishielectric Gt27, Mitsubishielectric Gt25 Firmware.

Vulnerability Description

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mitsubishielectric	Gt Designer3	< 1.300n
Mitsubishielectric	Gt Softgot2000	< 1.300n
Mitsubishielectric	Gt27 Firmware	< 01.50.000
Mitsubishielectric	Gt27	-
Mitsubishielectric	Gt25 Firmware	< 01.50.000
Mitsubishielectric	Gt25	-
Mitsubishielectric	Gt23 Firmware	< 01.50.000
Mitsubishielectric	Gt23	-
Mitsubishielectric	Gt21 Firmware	< 01.50.000
Mitsubishielectric	Gt21	-
Mitsubishielectric	Gs25 Firmware	< 01.50.000
Mitsubishielectric	Gs25	-
Mitsubishielectric	Gs21 Firmware	< 01.50.000
Mitsubishielectric	Gs21	-

Related Weaknesses (CWE)

CWE-326 CWE-261

References

https://jvn.jp/vu/JVNVU95285923/index.htmlThird Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02Third Party AdvisoryUS Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-008_en.pdfVendor Advisory
https://jvn.jp/vu/JVNVU95285923/index.htmlThird Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02Third Party AdvisoryUS Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-008_en.pdfVendor Advisory

FAQ

What is CVE-2023-0525?

CVE-2023-0525 is a vulnerability with a CVSS score of 7.5 (HIGH). Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.0...

How severe is CVE-2023-0525?

CVE-2023-0525 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-0525?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Gt Designer3, Mitsubishielectric Gt Softgot2000, Mitsubishielectric Gt27 Firmware, Mitsubishielectric Gt27, Mitsubishielectric Gt25 Firmware.