Vulnerability Details : CVE-2023-4625
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.
Products affected by CVE-2023-4625
- cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/d_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/ds-ts_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-32mt\/dss-ts_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-32mr\/ds-ts_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-80mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-32mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-64mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-80mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-64mt\/d_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-96mt\/d_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-64mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uc-96mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/es-a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/es-a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/es-a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mr\/es-a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mr\/es-a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mr\/es-a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-30mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-40mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-60mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-80mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-30mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-40mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-60mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-80mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-30mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-40mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-60mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5s-80mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-32mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-64mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-80mt\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-32mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-64mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-80mr\/es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-32mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-64mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-80mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-32mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-64mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-80mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-32mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5u-64mt\/ess_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mr\/ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-24mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-40mt\/dss_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mitsubishielectric:fx5uj-60mt\/dss_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4625
- 0.22%: Probability of exploitation activity in the next 30 days
- ~59%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4625
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | Mitsubishi Electric Corporation | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2023-4625
- The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
  Assigned by:
  - Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-4625
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdf
  Vendor Advisory
- https://jvn.jp/vu/JVNVU94620134
  JVNVU#94620134: Multiple vulnerabilities in Mitsubishi Electric MELSEC series (Third Party Advisory)
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02
  Mitsubishi Electric MELSEC iQ-F Series CPU Module | CISA (Third Party Advisory; US Government Resource)