Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.
References
| Link | Resource |
|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf | Mitigation Vendor Advisory |
| https://jvn.jp/vu/JVNVU95085830/index.html | Third Party Advisory |
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
History
22 Oct 2024, 12:58
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01 - Third Party Advisory, US Government Resource | |
| References | () https://jvn.jp/vu/JVNVU95085830/index.html - Third Party Advisory | |
| References | () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf - Mitigation, Vendor Advisory | |
| CPE | cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:* cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:* |
|
| First Time |
Mitsubishielectric r120sfcpu
Mitsubishielectric r32sfcpu Mitsubishielectric r08psfcpu Firmware Mitsubishielectric r120psfcpu Mitsubishielectric r32psfcpu Mitsubishielectric r120sfcpu Firmware Mitsubishielectric Mitsubishielectric r32psfcpu Firmware Mitsubishielectric r08sfcpu Mitsubishielectric r16sfcpu Firmware Mitsubishielectric r32sfcpu Firmware Mitsubishielectric r08psfcpu Mitsubishielectric r120psfcpu Firmware Mitsubishielectric r16sfcpu Mitsubishielectric r16psfcpu Mitsubishielectric r16psfcpu Firmware Mitsubishielectric r08sfcpu Firmware |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
14 Feb 2024, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
13 Feb 2024, 07:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-02-13 07:15
Updated : 2024-10-22 12:58
NVD link : CVE-2023-6815
Mitre link : CVE-2023-6815
JSON object : View
Products Affected
mitsubishielectric
- r32sfcpu
- r16psfcpu
- r08psfcpu
- r16psfcpu_firmware
- r32psfcpu_firmware
- r16sfcpu_firmware
- r08sfcpu_firmware
- r08psfcpu_firmware
- r120sfcpu
- r120psfcpu_firmware
- r08sfcpu
- r32psfcpu
- r16sfcpu
- r120sfcpu_firmware
- r120psfcpu
- r32sfcpu_firmware
CWE
CWE-266
Incorrect Privilege Assignment