OpenCVE

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Mitsubishielectric	R08psfcpu R08psfcpu Firmware R08sfcpu R08sfcpu Firmware R120psfcpu R120psfcpu Firmware R120sfcpu R120sfcpu Firmware R16psfcpu R16psfcpu Firmware R16sfcpu R16sfcpu Firmware R32psfcpu R32psfcpu Firmware R32sfcpu R32sfcpu Firmware

Configuration 1 [-]

AND

cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/vu/JVNVU95085830/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf

History

Tue, 22 Oct 2024 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mitsubishielectric Mitsubishielectric r08psfcpu Mitsubishielectric r08psfcpu Firmware Mitsubishielectric r08sfcpu Mitsubishielectric r08sfcpu Firmware Mitsubishielectric r120psfcpu Mitsubishielectric r120psfcpu Firmware Mitsubishielectric r120sfcpu Mitsubishielectric r120sfcpu Firmware Mitsubishielectric r16psfcpu Mitsubishielectric r16psfcpu Firmware Mitsubishielectric r16sfcpu Mitsubishielectric r16sfcpu Firmware Mitsubishielectric r32psfcpu Mitsubishielectric r32psfcpu Firmware Mitsubishielectric r32sfcpu Mitsubishielectric r32sfcpu Firmware
CPEs		cpe:2.3:h:mitsubishielectric:r08psfcpu:-:::::::* cpe:2.3:h:mitsubishielectric:r08sfcpu:-:::::::* cpe:2.3:h:mitsubishielectric:r120psfcpu:-:::::::* cpe:2.3:h:mitsubishielectric:r120sfcpu:-:::::::* cpe:2.3:h:mitsubishielectric:r16psfcpu:-:::::::* cpe:2.3:h:mitsubishielectric:r16sfcpu:-:::::::* cpe:2.3:h:mitsubishielectric:r32psfcpu:-:::::::* cpe:2.3:h:mitsubishielectric:r32sfcpu:-:::::::* cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:::::::: cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:::::::: cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:::::::: cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:::::::: cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:::::::: cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:::::::: cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:::::::: cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware::::::::
Vendors & Products		Mitsubishielectric Mitsubishielectric r08psfcpu Mitsubishielectric r08psfcpu Firmware Mitsubishielectric r08sfcpu Mitsubishielectric r08sfcpu Firmware Mitsubishielectric r120psfcpu Mitsubishielectric r120psfcpu Firmware Mitsubishielectric r120sfcpu Mitsubishielectric r120sfcpu Firmware Mitsubishielectric r16psfcpu Mitsubishielectric r16psfcpu Firmware Mitsubishielectric r16sfcpu Mitsubishielectric r16sfcpu Firmware Mitsubishielectric r32psfcpu Mitsubishielectric r32psfcpu Firmware Mitsubishielectric r32sfcpu Mitsubishielectric r32sfcpu Firmware

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2024-02-13T06:27:51.202Z

Updated: 2024-08-02T08:42:07.419Z

Reserved: 2023-12-14T02:59:09.887Z

Link: CVE-2023-6815

Vulnrichment

Updated: 2024-05-23T19:01:11.218Z

NVD

Status : Analyzed

Published: 2024-02-13T07:15:46.843

Modified: 2024-10-22T12:58:28.877

Link: CVE-2023-6815

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object