Vulnerability Description
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | R08Sfcpu Firmware | All versions |
| Mitsubishielectric | R08Sfcpu | - |
| Mitsubishielectric | R16Sfcpu Firmware | All versions |
| Mitsubishielectric | R16Sfcpu | - |
| Mitsubishielectric | R32Sfcpu Firmware | All versions |
| Mitsubishielectric | R32Sfcpu | - |
| Mitsubishielectric | R120Sfcpu Firmware | All versions |
| Mitsubishielectric | R120Sfcpu | - |
| Mitsubishielectric | R08Psfcpu Firmware | All versions |
| Mitsubishielectric | R08Psfcpu | - |
| Mitsubishielectric | R16Psfcpu Firmware | All versions |
| Mitsubishielectric | R16Psfcpu | - |
| Mitsubishielectric | R32Psfcpu Firmware | All versions |
| Mitsubishielectric | R32Psfcpu | - |
| Mitsubishielectric | R120Psfcpu Firmware | All versions |
| Mitsubishielectric | R120Psfcpu | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU95085830/index.htmlThird Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdfMitigationVendor Advisory
- https://jvn.jp/vu/JVNVU95085830/index.htmlThird Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdfMitigationVendor Advisory
FAQ
What is CVE-2023-6815?
CVE-2023-6815 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCP...
How severe is CVE-2023-6815?
CVE-2023-6815 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6815?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric R08Sfcpu Firmware, Mitsubishielectric R08Sfcpu, Mitsubishielectric R16Sfcpu Firmware, Mitsubishielectric R16Sfcpu, Mitsubishielectric R32Sfcpu Firmware.