CVE-2023-0525: Weak Encryption
First published: Thu Aug 03 2023(Updated: )
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Gt Designer3 | <1.300n | |
| Mitsubishielectric Gt Softgot2000 | <1.300n | |
| Mitsubishielectric Gt27 Firmware | <01.50.000 | |
| Mitsubishielectric Gt27 | ||
| Mitsubishielectric Gt25 Firmware | <01.50.000 | |
| Mitsubishielectric Gt25 | ||
| Mitsubishielectric Gt23 Firmware | <01.50.000 | |
| Mitsubishielectric Gt23 | ||
| Mitsubishielectric Gt21 Firmware | <01.50.000 | |
| Mitsubishielectric Gt21 | ||
| Mitsubishielectric Gs25 Firmware | <01.50.000 | |
| Mitsubishielectric Gs25 | ||
| Mitsubishielectric Gs21 Firmware | <01.50.000 | |
| Mitsubishielectric Gs21 | ||
| Mitsubishi Electric GT Designer3 Version1 (GOT2000): v1.295H and prior | ||
| Mitsubishi Electric GT SoftGOT2000: v1.295H and prior | ||
| Mitsubishi Electric GOT2000 (Models GT21, GT23, GT25, GT27): v01.49.000 and prior | ||
| Mitsubishi Electric GOT SIMPLE (Models GS25, GS21): v01.49.000 and prior |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-0525?
CVE-2023-0525 is a vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27, GT25, GT23, GT21, and GOT SIMPLE Series GS25 that allows weak encoding for passwords.
Which software versions are affected by CVE-2023-0525?
CVE-2023-0525 affects Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, and GOT SIMPLE Series GS25 model versions 01.49.000 and prior.
What is the severity of CVE-2023-0525?
CVE-2023-0525 has a severity score of 7.5 (high).
How can I fix the CVE-2023-0525 vulnerability?
To fix the CVE-2023-0525 vulnerability, update your Mitsubishi Electric Corporation GOT2000 Series GT27, GT25, GT23, GT21, and GOT SIMPLE Series GS25 to version 01.50.000 or later.
Where can I find more information about CVE-2023-0525?
You can find more information about CVE-2023-0525 at the following references: [CISA Advisory](https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02), [Mitsubishi Electric Corporation PSIRT](https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-008_en.pdf), [JVN](https://jvn.jp/vu/JVNVU95285923/index.html).
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/mitsubishielectric
- canonical/mitsubishielectric gt designer3
- canonical/mitsubishielectric gt softgot2000
- canonical/mitsubishielectric gt27 firmware
- canonical/mitsubishielectric gt27
- canonical/mitsubishielectric gt25 firmware
- canonical/mitsubishielectric gt25
- canonical/mitsubishielectric gt23 firmware
- canonical/mitsubishielectric gt23
- canonical/mitsubishielectric gt21 firmware
- canonical/mitsubishielectric gt21
- canonical/mitsubishielectric gs25 firmware
- canonical/mitsubishielectric gs25
- canonical/mitsubishielectric gs21 firmware
- canonical/mitsubishielectric gs21
- vendor/mitsubishi electric
- canonical/mitsubishi electric gt designer3 version1 (got2000): v1.295h and prior
- canonical/mitsubishi electric gt softgot2000: v1.295h and prior
- canonical/mitsubishi electric got2000 (models gt21, gt23, gt25, gt27): v01.49.000 and prior
- canonical/mitsubishi electric got simple (models gs25, gs21): v01.49.000 and prior