Vulnerability Description
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and log in to the affected products by sending specially crafted packets.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishi Electric | Fx3U-16Mr/Es Firmware | - |
| Mitsubishi Electric | Fx3U-16Mr/Es | - |
| Mitsubishi Electric | Fx3U-16Mt/Es Firmware | - |
| Mitsubishi Electric | Fx3U-16Mt/Es | - |
| Mitsubishi Electric | Fx3U-16Mt/Ess Firmware | - |
| Mitsubishi Electric | Fx3U-16Mt/Ess | - |
| Mitsubishi Electric | Fx3U-32Mr/Es Firmware | - |
| Mitsubishi Electric | Fx3U-32Mr/Es | - |
| Mitsubishi Electric | Fx3U-32Mt/Es Firmware | - |
| Mitsubishi Electric | Fx3U-32Mt/Es | - |
| Mitsubishi Electric | Fx3U-32Mt/Ess Firmware | - |
| Mitsubishi Electric | Fx3U-32Mt/Ess | - |
| Mitsubishi Electric | Fx3U-48Mr/Es Firmware | - |
| Mitsubishi Electric | Fx3U-48Mr/Es | - |
| Mitsubishi Electric | Fx3U-48Mt/Es Firmware | - |
| Mitsubishi Electric | Fx3U-48Mt/Es | - |
| Mitsubishi Electric | Fx3U-48Mt/Ess Firmware | - |
| Mitsubishi Electric | Fx3U-48Mt/Ess | - |
| Mitsubishi Electric | Fx3U-64Mr/Es Firmware | - |
| Mitsubishi Electric | Fx3U-64Mr/Es | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU94519952 (Mitigation, Third Party Advisory)
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04 (Mitigation, Third Party Advisory, US Government Resource)
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-005_en.pdf (Mitigation, Vendor Advisory)
FAQ
What is CVE-2023-2846?
CVE-2023-2846 is a vulnerability with a CVSS score of 7.5 (HIGH). Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting...
How severe is CVE-2023-2846?
CVE-2023-2846 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-2846?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishi Electric Fx3U-16Mr/Es Firmware, Mitsubishi Electric Fx3U-16Mr/Es, Mitsubishi Electric Fx3U-16Mt/Es Firmware, Mitsubishi Electric Fx3U-16Mt/Es, Mitsubishi Electric Fx3U-16Mt/Ess Firmware.