CVE-2023-0457

high-risk
Published 2023-03-03

A Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and log in to the FTP server or Web server.

Do I need to act?

EPSS score: 1.9% chance of exploitation in next 30 days (moderate exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 High (NETWORK / LOW complexity)

Affected Products (20)

FX5UC-32MR/DS-TS Firmware
FX5UC-32MT/D Firmware
FX5UC-32MT/DSS Firmware
FX5UC-32MT/DSS-TS Firmware
FX5UC-32MT/DS-TS Firmware
FX5UC-64MT/D Firmware
FX5UC-64MT/DSS Firmware
FX5UC-96MT/D Firmware
FX5UC-96MT/DSS Firmware
FX5UJ-24MR/ES Firmware
FX5UJ-24MR/ES-A Firmware
FX5UJ-24MT/ES Firmware
FX5UJ-24MT/ES-A Firmware
FX5UJ-24MT/ESS Firmware
FX5UJ-40MR/ES Firmware
FX5UJ-40MR/ES-A Firmware
FX5UJ-40MT/ES Firmware
FX5UJ-40MT/ES-A Firmware
FX5UJ-40MT/ESS Firmware
FX5UJ-60MR/ES Firmware

Affected Vendors

55 / 100
high-risk
Severity 26/34 · High
Exploitability 5/34 · Minimal
Exposure 24/34 · High