CVE-2023-6815

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6815

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

I

ncorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.

References
Link Resource
https://jvn.jp/vu/JVNVU95085830/index.html Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01 Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf Mitigation Vendor Advisory
https://jvn.jp/vu/JVNVU95085830/index.html Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01 Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:44

Type Values Removed Values Added
References () https://jvn.jp/vu/JVNVU95085830/index.html - Third Party Advisory () https://jvn.jp/vu/JVNVU95085830/index.html - Third Party Advisory
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01 - Third Party Advisory, US Government Resource () https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01 - Third Party Advisory, US Government Resource
References () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf - Mitigation, Vendor Advisory () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf - Mitigation, Vendor Advisory

22 Oct 2024, 12:58

Type Values Removed Values Added
First Time Mitsubishielectric r16sfcpu Firmware
Mitsubishielectric r32psfcpu Firmware
Mitsubishielectric r16psfcpu Firmware
Mitsubishielectric r120sfcpu
Mitsubishielectric r32sfcpu Firmware
Mitsubishielectric r08psfcpu
Mitsubishielectric r16psfcpu
Mitsubishielectric r16sfcpu
Mitsubishielectric r120psfcpu
Mitsubishielectric r120psfcpu Firmware
Mitsubishielectric r08psfcpu Firmware
Mitsubishielectric r120sfcpu Firmware
Mitsubishielectric r08sfcpu Firmware
Mitsubishielectric r32sfcpu
Mitsubishielectric r32psfcpu
Mitsubishielectric r08sfcpu
Mitsubishielectric
CPE cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*
References () https://jvn.jp/vu/JVNVU95085830/index.html - () https://jvn.jp/vu/JVNVU95085830/index.html - Third Party Advisory
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01 - Third Party Advisory, US Government Resource
References () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf - () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf - Mitigation, Vendor Advisory
Information

Published : 2024-02-13 07:15

Updated : 2024-11-21 08:44

NVD link : CVE-2023-6815

Mitre link : CVE-2023-6815

CVE.ORG link : CVE-2023-6815

JSON object : View

Products Affected

mitsubishielectric

CWE
CWE-266

Incorrect Privilege Assignment