CVE-2023-0457: Information Disclosure Vulnerability in MELSEC Series

Reference Links

• https://jvn.jp/vu/JVNVU93891523/index.html
• https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01 (Advisory)
• https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf

Parent vulnerabilities

(Appears in the following advisories)

• ICSA-23-061-01

Frequently Asked Questions

• What is the severity of CVE-2023-0457?

  CVE-2023-0457 has been classified as a significant security vulnerability due to the potential for unauthorized access to plaintext credentials.

• How do I fix CVE-2023-0457?

  To mitigate CVE-2023-0457, ensure that you upgrade to the latest firmware version provided by Mitsubishi Electric.

• Which Mitsubishi Electric products are affected by CVE-2023-0457?

  CVE-2023-0457 affects various models from the MELSEC iQ-F, iQ-R, Q, and L series, including the FX5U, FX5UJ, and others listed in the advisory.

• What can an attacker do if they exploit CVE-2023-0457?

  If exploited, an attacker can potentially access and disclose plaintext credentials stored in project files and gain unauthorized login access to FTP servers.

• Is CVE-2023-0457 a remote vulnerability?

  Yes, CVE-2023-0457 allows a remote unauthenticated attacker to exploit the vulnerability without physical access to the affected systems.