Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.
References
Link | Resource |
---|---|
https://jvn.jp/vu/JVNVU95103362 | Third Party Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 | Third Party Advisory US Government Resource |
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf | Vendor Advisory |
https://jvn.jp/vu/JVNVU95103362 | Third Party Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 | Third Party Advisory US Government Resource |
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://jvn.jp/vu/JVNVU95103362 - Third Party Advisory | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 - Third Party Advisory, US Government Resource | |
References | () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf - Vendor Advisory |
01 Nov 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products. |
08 Feb 2024, 16:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:got2000:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:* cpe:2.3:a:mitsubishielectric:got1000:*:*:*:*:*:*:*:* |
|
First Time |
Mitsubishielectric gx Works2
Mitsubishielectric got1000 Mitsubishielectric mc Works64 Mitsubishielectric gx Works3 Mitsubishielectric Mitsubishielectric got2000 Mitsubishielectric fr Configurator2 Mitsubishielectric mt Works2 Mitsubishielectric melsoft Navigator Mitsubishielectric ezsocket Mitsubishielectric mx Component |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | () https://jvn.jp/vu/JVNVU95103362 - Third Party Advisory | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 - Third Party Advisory, US Government Resource | |
References | () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf - Vendor Advisory |
31 Jan 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jan 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-30 09:15
Updated : 2024-11-21 08:44
NVD link : CVE-2023-6943
Mitre link : CVE-2023-6943
CVE.ORG link : CVE-2023-6943
JSON object : View
Products Affected
mitsubishielectric
- got2000
- gx_works2
- fr_configurator2
- melsoft_navigator
- mt_works2
- got1000
- gx_works3
- mc_works64
- mx_component
- ezsocket
CWE
CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')