Skip to main content

Gx Works2 CVE-2023-5275

MEDIUM
Improper Input Validation (CWE-20)
2023-11-30 Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 30, 2023 - 05:15 nvd
MEDIUM 4.7

DescriptionNVD

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.

AnalysisAI

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. Rated medium severity (CVSS 4.7). No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. Affected products include: Mitsubishielectric Gx Works2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-20588 CRITICAL
9.8 Feb 19

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Mo

CVE-2021-20587 CRITICAL
9.8 Feb 19

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuratio

CVE-2024-26314 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and

CVE-2024-25088 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute

CVE-2024-25086 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute

CVE-2024-22106 HIGH
7.8 Jul 02

Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute ar

CVE-2021-20608 HIGH
7.5 Dec 17

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and p

CVE-2020-5603 HIGH
7.5 Jun 30

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Conf

CVE-2020-5602 HIGH
7.5 Jun 30

Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. Rated high severity (CVSS 7.5),

CVE-2024-25087 MEDIUM
5.5 Jul 02

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue sc

CVE-2024-22105 MEDIUM
5.5 Jul 02

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue sc

CVE-2024-22104 MEDIUM
5.5 Jul 02

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen

Share

CVE-2023-5275 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy