1. Home
  2. CVE Database
  3. CVE-2023-5247
HIGH · 7.8

CVE-2023-5247

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious ...

Vulnerability Description

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
MitsubishielectricGx Works3All versions
MitsubishielectricMelsoft Iq AppportalAll versions
MitsubishielectricMelsoft NavigatorAll versions
MitsubishielectricMotion Control SettingAll versions

Related Weaknesses (CWE)

CWE-73CWE-610

References

FAQ

What is CVE-2023-5247?

CVE-2023-5247 is a vulnerability with a CVSS score of 7.8 (HIGH). Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious ...

How severe is CVE-2023-5247?

CVE-2023-5247 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5247?

Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Gx Works3, Mitsubishielectric Melsoft Iq Appportal, Mitsubishielectric Melsoft Navigator, Mitsubishielectric Motion Control Setting.