CVE-2023-2061

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-2061
Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://jvn.jp/vu/JVNVU92908006 Third Party Advisory
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mitsubishielectric:fx5-enet\/ip_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:fx5-enet\/ip:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mitsubishielectric:sw1dnn-eipct-bd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:sw1dnn-eipct-bd:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mitsubishielectric:rj71eip91_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:rj71eip91:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mitsubishielectric:sw1dnn-eipctfx5-bd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:sw1dnn-eipctfx5-bd:-:*:*:*:*:*:*:*
History

16 Jun 2023, 14:52

Type Values Removed Values Added
CPE cpe:2.3:h:mitsubishielectric:rj71eip91:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:sw1dnn-eipct-bd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:sw1dnn-eipct-bd:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:sw1dnn-eipctfx5-bd:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:rj71eip91_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:fx5-enet\/ip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:fx5-enet\/ip_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:sw1dnn-eipctfx5-bd_firmware:-:*:*:*:*:*:*:*
References (MISC) https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf - (MISC) https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf - Vendor Advisory
References (MISC) https://jvn.jp/vu/JVNVU92908006 - (MISC) https://jvn.jp/vu/JVNVU92908006 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
First Time Mitsubishielectric rj71eip91 Firmware
Mitsubishielectric sw1dnn-eipct-bd Firmware
Mitsubishielectric
Mitsubishielectric fx5-enet\/ip Firmware
Mitsubishielectric rj71eip91
Mitsubishielectric sw1dnn-eipct-bd
Mitsubishielectric sw1dnn-eipctfx5-bd Firmware
Mitsubishielectric fx5-enet\/ip
Mitsubishielectric sw1dnn-eipctfx5-bd
CWE CWE-798

02 Jun 2023, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-02 05:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-2061

Mitre link : CVE-2023-2061

CVE.ORG link : CVE-2023-2061

JSON object : View

Products Affected

mitsubishielectric

  • fx5-enet\/ip
  • sw1dnn-eipct-bd_firmware
  • rj71eip91_firmware
  • fx5-enet\/ip_firmware
  • sw1dnn-eipctfx5-bd_firmware
  • sw1dnn-eipctfx5-bd
  • rj71eip91
  • sw1dnn-eipct-bd
CWE
CWE-798

Use of Hard-coded Credentials

CWE-259

Use of Hard-coded Password


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024