CVE-2023-4625 — MEDIUM (5.3)

Vulnerability Description

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Mitsubishielectric	Fx5U-32Mt\/Es Firmware	-
Mitsubishielectric	Fx5U-32Mt\/Es	-
Mitsubishielectric	Fx5U-64Mt\/Es Firmware	-
Mitsubishielectric	Fx5U-64Mt\/Es	-
Mitsubishielectric	Fx5U-80Mt\/Es Firmware	-
Mitsubishielectric	Fx5U-80Mt\/Es	-
Mitsubishielectric	Fx5U-32Mr\/Es Firmware	-
Mitsubishielectric	Fx5U-32Mr\/Es	-
Mitsubishielectric	Fx5U-64Mr\/Es Firmware	-
Mitsubishielectric	Fx5U-64Mr\/Es	-
Mitsubishielectric	Fx5U-80Mr\/Es Firmware	-
Mitsubishielectric	Fx5U-80Mr\/Es	-
Mitsubishielectric	Fx5U-32Mt\/Ds Firmware	-
Mitsubishielectric	Fx5U-32Mt\/Ds	-
Mitsubishielectric	Fx5U-64Mt\/Ds Firmware	-
Mitsubishielectric	Fx5U-64Mt\/Ds	-
Mitsubishielectric	Fx5U-80Mt\/Ds Firmware	-
Mitsubishielectric	Fx5U-80Mt\/Ds	-
Mitsubishielectric	Fx5U-32Mr\/Ds Firmware	-
Mitsubishielectric	Fx5U-32Mr\/Ds	-

Related Weaknesses (CWE)

CWE-307

References

https://jvn.jp/vu/JVNVU94620134Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02Third Party AdvisoryUS Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdfVendor Advisory
https://jvn.jp/vu/JVNVU94620134Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02Third Party AdvisoryUS Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdfVendor Advisory

FAQ

What is CVE-2023-4625?

CVE-2023-4625 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attac...

How severe is CVE-2023-4625?

CVE-2023-4625 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-4625?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Fx5U-32Mt\/Es Firmware, Mitsubishielectric Fx5U-32Mt\/Es, Mitsubishielectric Fx5U-64Mt\/Es Firmware, Mitsubishielectric Fx5U-64Mt\/Es, Mitsubishielectric Fx5U-80Mt\/Es Firmware.