Skip to main content

Fx3U 16Mr Es Firmware CVE-2023-2846

CRITICAL
Authentication Bypass by Capture-replay (CWE-294)
2023-06-30 Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Authentication Bypass Fx3U 16Mr Es Firmware Fx3U 16Mt Es Firmware Fx3U 16Mt Ess Firmware Fx3U 32Mr Es Firmware Fx3U 32Mt Es Firmware Fx3U 32Mt Ess Firmware Fx3U 48Mr Es Firmware Fx3U 48Mt Es Firmware Fx3U 48Mt Ess Firmware Fx3U 64Mr Es Firmware Fx3U 64Mt Es Firmware Fx3U 64Mt Ess Firmware Fx3U 80Mr Es Firmware Fx3U 80Mt Es Firmware Fx3U 80Mt Ess Firmware Fx3U 128Mr Es Firmware Fx3U 128Mt Es Firmware Fx3U 128Mt Ess Firmware Fx3U 16Mr Ds Firmware Fx3U 16Mt Ds Firmware Fx3U 16Mt Dss Firmware Fx3U 32Mr Ds Firmware Fx3U 32Mt Ds Firmware Fx3U 32Mt Dss Firmware Fx3U 48Mr Ds Firmware Fx3U 48Mt Ds Firmware Fx3U 48Mt Dss Firmware Fx3U 64Mr Ds Firmware Fx3U 64Mt Ds Firmware Fx3U 64Mt Dss Firmware Fx3U 80Mr Ds Firmware Fx3U 80Mt Ds Firmware Fx3U 80Mt Dss Firmware Fx3U 32Mr Ua1 Firmware Fx3U 64Mr Ua1 Firmware Fx3U 32Ms Es Firmware Fx3U 64Ms Es Firmware Fx3U 16Mr Es A Firmware Fx3U 16Mt Es A Firmware Fx3U 32Mr Es A Firmware Fx3U 32Mt Es A Firmware Fx3U 48Mr Es A Firmware Fx3U 48Mt Es A Firmware Fx3U 64Mr Es A Firmware Fx3U 64Mt Es A Firmware Fx3U 80Mr Es A Firmware Fx3U 80Mt Es A Firmware Fx3U 128Mr Es A Firmware Fx3U 128Mt Es A Firmware Fx3Uc 16Mt D Firmware Fx3Uc 32Mt D Firmware Fx3Uc 64Mt D Firmware Fx3Uc 96Mt D Firmware Fx3Uc 16Mt Dss Firmware Fx3Uc 32Mt Dss Firmware Fx3Uc 64Mt Dss Firmware Fx3Uc 96Mt Dss Firmware Fx3Uc 16Mr D T Firmware Fx3Uc 16Mr Ds T Firmware Fx3Uc 32Mt Lt Firmware Fx3Uc 32Mt Lt 2 Firmware Fx3Uc 16Mt D P4 Firmware Fx3Uc 16Mt Dss P4 Firmware Fx3G 14Mr Es Firmware Fx3G 14Mt Es Firmware Fx3G 14Mt Ess Firmware Fx3G 24Mr Es Firmware Fx3G 24Mt Es Firmware Fx3G 24Mt Ess Firmware Fx3G 40Mr Es Firmware Fx3G 40Mt Es Firmware Fx3G 40Mt Ess Firmware Fx3G 60Mr Es Firmware Fx3G 60Mt Es Firmware Fx3G 60Mt Ess Firmware Fx3G 14Mr Ds Firmware Fx3G 14Mt Ds Firmware Fx3G 14Mt Dss Firmware Fx3G 24Mr Ds Firmware Fx3G 24Mt Ds Firmware Fx3G 24Mt Dss Firmware Fx3G 40Mr Ds Firmware Fx3G 40Mt Ds Firmware Fx3G 40Mt Dss Firmware Fx3G 60Mr Ds Firmware Fx3G 60Mt Ds Firmware Fx3G 60Mt Dss Firmware Fx3G 14Mr Es A Firmware Fx3G 14Mt Es A Firmware Fx3G 24Mr Es A Firmware Fx3G 24Mt Es A Firmware Fx3G 40Mr Es A Firmware Fx3G 40Mt Es A Firmware Fx3G 60Mr Es A Firmware Fx3G 60Mt Es A Firmware Fx3Gc 32Mt D Firmware Fx3Gc 32Mt Dss Firmware Fx3Ge 24Mr Es Firmware Fx3Ge 24Mt Es Firmware Fx3Ge 24Mt Ess Firmware Fx3Ge 40Mr Es Firmware Fx3Ge 40Mt Es Firmware Fx3Ge 40Mt Ess Firmware Fx3Ge 24Mr Ds Firmware Fx3Ge 24Mt Ds Firmware Fx3Ge 24Mt Dss Firmware Fx3Ge 40Mr Ds Firmware Fx3Ge 40Mt Ds Firmware Fx3Ge 40Mt Dss Firmware Fx3Ga 24Mr Cm Firmware Fx3Ga 24Mt Cm Firmware Fx3Ga 40Mr Cm Firmware Fx3Ga 40Mt Cm Firmware Fx3Ga 60Mr Cm Firmware Fx3Ga 60Mt Cm Firmware Fx3S 10Mr Ds Firmware Fx3S 10Mr Es Firmware Fx3S 10Mt Ds Firmware Fx3S 10Mt Dss Firmware Fx3S 10Mt Es Firmware Fx3S 10Mt Ess Firmware Fx3S 14Mr Ds Firmware Fx3S 14Mr Es Firmware Fx3S 14Mt Ds Firmware Fx3S 14Mt Dss Firmware Fx3S 14Mt Es Firmware Fx3S 14Mt Ess Firmware Fx3S 20Mr Ds Firmware Fx3S 20Mr Es Firmware Fx3S 20Mt Ds Firmware Fx3S 20Mt Dss Firmware Fx3S 20Mt Es Firmware Fx3S 20Mt Ess Firmware Fx3S 30Mr Ds Firmware Fx3S 30Mr Es Firmware Fx3S 30Mt Ds Firmware Fx3S 30Mt Dss Firmware Fx3S 30Mt Es Firmware Fx3S 30Mt Ess Firmware Fx3S 30Mr Es 2Ad Firmware Fx3S 30Mt Es 2Ad Firmware Fx3S 30Mt Ess 2Ad Firmware Fx3Sa 10Mr Cm Firmware Fx3Sa 10Mt Cm Firmware Fx3Sa 14Mr Cm Firmware Fx3Sa 14Mt Cm Firmware Fx3Sa 20Mr Cm Firmware Fx3Sa 20Mt Cm Firmware Fx3Sa 30Mr Cm Firmware Fx3Sa 30Mt Cm Firmware
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 30, 2023 - 05:15 nvd
CRITICAL 9.1

DescriptionNVD

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.

AnalysisAI

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-294. Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets. Affected products include: Mitsubishielectric Fx3U-16Mr\/Es Firmware, Mitsubishielectric Fx3U-16Mt\/Es Firmware, Mitsubishielectric Fx3U-16Mt\/Ess Firmware, Mitsubishielectric Fx3U-32Mr\/Es Firmware, Mitsubishielectric Fx3U-32Mt\/Es Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2023-2846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy