CVE-2023-2062

Summary

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi Electric CorporationEtherNet/IP Configuration tool for RJ71EIP91 SW1DNN-EIPCT-BDSoftware version "1.01B" and prioraffected
Mitsubishi Electric CorporationEtherNet/IP Configuration tool for FX5-ENET/IP SW1DNN-EIPCTFX5-BDSoftware version "1.01B" and prioraffected

Weaknesses

  • CWE-549: CWE-549 Missing Password Field Masking

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References