Executive Summary

Informations
Name CVE-2023-6943 First vendor Publication 2024-01-30
Vendor Cve Last vendor Modification 2024-02-08

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 9.8
Base Score 9.8 Environmental Score 9.8
impact SubScore 5.9 Temporal Score 9.8
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6943

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1

Sources (Detail)

https://jvn.jp/vu/JVNVU95103362
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2024-02-08 21:27:38
  • Multiple Updates
2024-01-31 13:27:28
  • Multiple Updates
2024-01-30 17:27:24
  • Multiple Updates
2024-01-30 13:27:26
  • First insertion