Vulnerability Details : CVE-2023-5274
Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2023-5274
- cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-5274
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 22 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-5274
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.5
|
LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
1.0
|
1.4
|
Mitsubishi Electric Corporation | |
4.7
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.0
|
3.6
|
NIST |
CWE ids for CVE-2023-5274
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by:
- Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-5274
-
https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-03
Mitsubishi Electric GX Works2 | CISAThird Party Advisory;US Government Resource
-
https://jvn.jp/vu/JVNVU98760962/index.html
JVNVU#98760962: 三菱電機製GX Works2のシミュレーション機能における不適切なパケット処理の脆弱性Third Party Advisory
-
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-015_en.pdf
Vendor Advisory
Jump to