Skip to main content

Gx Works3 CVE-2023-5247

HIGH
External Control of File Name or Path (CWE-73)
2023-11-30 Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 30, 2023 - 04:15 nvd
HIGH 7.8

DescriptionNVD

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.

AnalysisAI

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-73. Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. Affected products include: Mitsubishielectric Gx Works3, Mitsubishielectric Melsoft Iq Appportal, Mitsubishielectric Melsoft Navigator, Mitsubishielectric Motion Control Setting.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-20588 CRITICAL
9.8 Feb 19

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Mo

CVE-2021-20587 CRITICAL
9.8 Feb 19

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuratio

CVE-2022-29830 CRITICAL
9.1 Nov 25

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z, and M

CVE-2024-26314 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and

CVE-2024-25088 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute

CVE-2024-25086 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute

CVE-2024-22106 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute ar

CVE-2023-4088 HIGH
7.8 Sep 20

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products

CVE-2022-29831 HIGH
7.5 Nov 25

Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z all

CVE-2022-29829 HIGH
7.5 Nov 25

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT De

CVE-2022-29828 HIGH
7.5 Nov 25

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows

CVE-2022-29827 HIGH
7.5 Nov 25

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows

Share

CVE-2023-5247 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy