CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.
References
Configurations

Configuration 1

AND
cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*

History

22 Oct 2024, 12:58

Type: First Time
Values Added:
  • Mitsubishielectric r16sfcpu Firmware
  • Mitsubishielectric r120sfcpu Firmware
  • Mitsubishielectric r08sfcpu Firmware
  • Mitsubishielectric
  • Mitsubishielectric r120psfcpu Firmware
  • Mitsubishielectric r16psfcpu Firmware
  • Mitsubishielectric r08psfcpu
  • Mitsubishielectric r08sfcpu
  • Mitsubishielectric r120sfcpu
  • Mitsubishielectric r32sfcpu Firmware
  • Mitsubishielectric r16psfcpu
  • Mitsubishielectric r32psfcpu
  • Mitsubishielectric r16sfcpu
  • Mitsubishielectric r32psfcpu Firmware
  • Mitsubishielectric r08psfcpu Firmware
  • Mitsubishielectric r32sfcpu
  • Mitsubishielectric r120psfcpu

Type: References
Values Removed:
  • https://jvn.jp/vu/JVNVU95085830/index.html
  • https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01
  • https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf
Values Added:
  • https://jvn.jp/vu/JVNVU95085830/index.html - Third Party Advisory
  • https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01 - Third Party Advisory, US Government Resource
  • https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf - Mitigation, Vendor Advisory

Type: CPE
Values Added:
  • cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*
  • cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:*
  • cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*
  • cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*
  • cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*
  • cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*
  • cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*
  • cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*
  • cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*

14 Feb 2024, 04:15

Type: References
Values Added:
  • https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01

13 Feb 2024, 07:15

Type: New CVE

Information

Published : 2024-02-13 07:15

Updated : 2024-10-22 12:58


NVD link : CVE-2023-6815

Mitre link : CVE-2023-6815

CVE.ORG link : CVE-2023-6815


Products Affected

mitsubishielectric

  • r32sfcpu_firmware
  • r120sfcpu_firmware
  • r120psfcpu_firmware
  • r32sfcpu
  • r16sfcpu
  • r16psfcpu
  • r120psfcpu
  • r32psfcpu_firmware
  • r16psfcpu_firmware
  • r32psfcpu
  • r120sfcpu
  • r08psfcpu
  • r08sfcpu_firmware
  • r08sfcpu
  • r16sfcpu_firmware
  • r08psfcpu_firmware
CWE
CWE-266

Incorrect Privilege Assignment