Vulnerability Description
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Ezsocket | >= 3.0 |
| Mitsubishielectric | Fr Configurator2 | All versions |
| Mitsubishielectric | Got1000 | All versions |
| Mitsubishielectric | Got2000 | All versions |
| Mitsubishielectric | Gx Works2 | >= 1.11m |
| Mitsubishielectric | Gx Works3 | All versions |
| Mitsubishielectric | Mc Works64 | All versions |
| Mitsubishielectric | Melsoft Navigator | >= 1.04e |
| Mitsubishielectric | Mt Works2 | All versions |
| Mitsubishielectric | Mx Component | >= 4.00a |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU95103362Third Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdfVendor Advisory
- https://jvn.jp/vu/JVNVU95103362Third Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02Third Party AdvisoryUS Government Resource
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdfVendor Advisory
FAQ
What is CVE-2023-6942?
CVE-2023-6942 is a vulnerability with a CVSS score of 7.5 (HIGH). Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Vers...
How severe is CVE-2023-6942?
CVE-2023-6942 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6942?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Ezsocket, Mitsubishielectric Fr Configurator2, Mitsubishielectric Got1000, Mitsubishielectric Got2000, Mitsubishielectric Gx Works2.