CVE-2023-6374

Summary

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi Electric CorporationMELSEC WS Series WS0-GETH00200All serial numbersaffected

Weaknesses

  • CWE-294: CWE-294 Authentication Bypass by Capture-replay

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References