Description
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series Safety CPU R08SFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R Series Safety CPU R16SFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R Series Safety CPU R32SFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R Series Safety CPU R120SFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R Series SIL2 Process CPU R16PSFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R Series SIL2 Process CPU R32PSFCPU | unaffected |
|
||||||
| Mitsubishi Electric Corporation | MELSEC iQ-R Series SIL2 Process CPU R120PSFCPU | unaffected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-59025 | Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. |
References
History
Tue, 22 Oct 2024 13:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mitsubishielectric
Mitsubishielectric r08psfcpu Mitsubishielectric r08psfcpu Firmware Mitsubishielectric r08sfcpu Mitsubishielectric r08sfcpu Firmware Mitsubishielectric r120psfcpu Mitsubishielectric r120psfcpu Firmware Mitsubishielectric r120sfcpu Mitsubishielectric r120sfcpu Firmware Mitsubishielectric r16psfcpu Mitsubishielectric r16psfcpu Firmware Mitsubishielectric r16sfcpu Mitsubishielectric r16sfcpu Firmware Mitsubishielectric r32psfcpu Mitsubishielectric r32psfcpu Firmware Mitsubishielectric r32sfcpu Mitsubishielectric r32sfcpu Firmware |
|
| CPEs | cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Mitsubishielectric
Mitsubishielectric r08psfcpu Mitsubishielectric r08psfcpu Firmware Mitsubishielectric r08sfcpu Mitsubishielectric r08sfcpu Firmware Mitsubishielectric r120psfcpu Mitsubishielectric r120psfcpu Firmware Mitsubishielectric r120sfcpu Mitsubishielectric r120sfcpu Firmware Mitsubishielectric r16psfcpu Mitsubishielectric r16psfcpu Firmware Mitsubishielectric r16sfcpu Mitsubishielectric r16sfcpu Firmware Mitsubishielectric r32psfcpu Mitsubishielectric r32psfcpu Firmware Mitsubishielectric r32sfcpu Mitsubishielectric r32sfcpu Firmware |
Subscriptions
Mitsubishielectric
Subscribe
R08psfcpu
Subscribe
R08psfcpu Firmware
Subscribe
R08sfcpu
Subscribe
R08sfcpu Firmware
Subscribe
R120psfcpu
Subscribe
R120psfcpu Firmware
Subscribe
R120sfcpu
Subscribe
R120sfcpu Firmware
Subscribe
R16psfcpu
Subscribe
R16psfcpu Firmware
Subscribe
R16sfcpu
Subscribe
R16sfcpu Firmware
Subscribe
R32psfcpu
Subscribe
R32psfcpu Firmware
Subscribe
R32sfcpu
Subscribe
R32sfcpu Firmware
Subscribe
MITRE
Status: PUBLISHED
Assigner: Mitsubishi
Published:
Updated: 2024-08-02T08:42:07.419Z
Reserved: 2023-12-14T02:59:09.887Z
Link: CVE-2023-6815
Vulnrichment
Updated: 2024-05-23T19:01:11.218Z
NVD
Status : Modified
Published: 2024-02-13T07:15:46.843
Modified: 2024-11-21T08:44:36.877
Link: CVE-2023-6815
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses