high
7.5
CWE
326 261
Advisory Published
Updated

CVE-2023-0525: Weak Encryption

First published: Fri Aug 04 2023(Updated: )

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.

Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Affected SoftwareAffected VersionHow to fix
Mitsubishielectric Gt Designer3<1.300n
Mitsubishielectric Gt Softgot2000<1.300n
Mitsubishielectric Gt27 Firmware<01.50.000
Mitsubishielectric Gt27
Mitsubishielectric Gt25 Firmware<01.50.000
Mitsubishielectric Gt25
Mitsubishielectric Gt23 Firmware<01.50.000
Mitsubishielectric Gt23
Mitsubishielectric Gt21 Firmware<01.50.000
Mitsubishielectric Gt21
Mitsubishielectric Gs25 Firmware<01.50.000
Mitsubishielectric Gs25
Mitsubishielectric Gs21 Firmware<01.50.000
Mitsubishielectric Gs21
Mitsubishi Electric ​GT Designer3 Version1 (GOT2000): v1.295H and prior
Mitsubishi Electric ​GT SoftGOT2000: v1.295H and prior
Mitsubishi Electric ​GOT2000 (Models GT21, GT23, GT25, GT27): v01.49.000 and prior
Mitsubishi Electric ​GOT SIMPLE (Models GS25, GS21): v01.49.000 and prior

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2023-0525?

    CVE-2023-0525 is a vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27, GT25, GT23, GT21, and GOT SIMPLE Series GS25 that allows weak encoding for passwords.

  • Which software versions are affected by CVE-2023-0525?

    CVE-2023-0525 affects Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, and GOT SIMPLE Series GS25 model versions 01.49.000 and prior.

  • What is the severity of CVE-2023-0525?

    CVE-2023-0525 has a severity score of 7.5 (high).

  • How can I fix the CVE-2023-0525 vulnerability?

    To fix the CVE-2023-0525 vulnerability, update your Mitsubishi Electric Corporation GOT2000 Series GT27, GT25, GT23, GT21, and GOT SIMPLE Series GS25 to version 01.50.000 or later.

  • Where can I find more information about CVE-2023-0525?

    You can find more information about CVE-2023-0525 at the following references: [CISA Advisory](https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02), [Mitsubishi Electric Corporation PSIRT](https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-008_en.pdf), [JVN](https://jvn.jp/vu/JVNVU95285923/index.html).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203