First published: Fri Jun 02 2023(Updated: )
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Mitsubishielectric Fx5-enet\/ip Firmware | ||
Mitsubishielectric Fx5-enet\/ip | ||
Mitsubishielectric Sw1dnn-eipct-bd Firmware | ||
Mitsubishielectric Sw1dnn-eipct-bd | ||
Mitsubishielectric Rj71eip91 Firmware | ||
Mitsubishielectric Rj71eip91 | ||
Mitsubishielectric Sw1dnn-eipctfx5-bd Firmware | ||
Mitsubishielectric Sw1dnn-eipctfx5-bd | ||
All of | ||
Mitsubishielectric Fx5-enet\/ip Firmware | ||
Mitsubishielectric Fx5-enet\/ip | ||
All of | ||
Mitsubishielectric Sw1dnn-eipct-bd Firmware | ||
Mitsubishielectric Sw1dnn-eipct-bd | ||
All of | ||
Mitsubishielectric Rj71eip91 Firmware | ||
Mitsubishielectric Rj71eip91 | ||
All of | ||
Mitsubishielectric Sw1dnn-eipctfx5-bd Firmware | ||
Mitsubishielectric Sw1dnn-eipctfx5-bd |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-2062.
The severity of CVE-2023-2062 is medium.
The affected software are Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD.
The vulnerability allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP.
Apply the necessary patches or updates provided by Mitsubishi Electric Corporation.