Vulnerability Details: CVE-2023-0457
A Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and log in to the FTP server or Web server.
Products affected by CVE-2023-0457
- cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/d_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/dss_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/ds-ts_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/dss-ts_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mr\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-32mr\/ds-ts_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/ess_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mr\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/ess_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mr\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/ess_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5-enet_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5-enet\/ip_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-64mt\/d_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-96mt\/d_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-64mt\/dss_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-96mt\/dss_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/es-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/es-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/es-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mr\/es-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mr\/es-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mr\/es-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-30mt\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-40mt\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-60mt\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-80mt\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-30mr\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-40mr\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-60mr\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-80mr\/es_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-30mt\/ess_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-40mt\/ess_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-60mt\/ess_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-80mt\/ess_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0457
- EPSS score: 0.20% (probability of exploitation activity in the next 30 days)
- Percentile: ~58% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-0457
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | Mitsubishi Electric Corporation | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2023-0457
- Storing a password in plaintext may result in a system compromise. Assigned by: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp (Secondary)
- The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-0457
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf
  Vendor Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01
  Mitsubishi Electric MELSEC iQ-F Series | CISA
  Mitigation; Third Party Advisory; US Government Resource
- https://jvn.jp/vu/JVNVU93891523/index.html
  JVNVU#93891523: Plaintext storage of authentication information vulnerability in Mitsubishi Electric MELSEC iQ-F Series
  Third Party Advisory