MEDIUM🇵🇱 Wersja polska

CVE-2023-2063

CVSS 6.3v3.1pub. 2023-06-02upd. 2024-11-21

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • Mitsubishielectric Fx5 Enet\/ip

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Fx5 Enet\/ip Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Rj71eip91

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Rj71eip91 Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Sw1dnn Eipct Bd

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Sw1dnn Eipct Bd Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Sw1dnn Eipctfx5 Bd

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Sw1dnn Eipctfx5 Bd Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2020-16226CRITICAL9.8ten sam produkt

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious a...

CVE-2023-2060HIGH7.5ten sam produkt

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series...

CVE-2023-0457HIGH7.5ten sam produkt

Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ...

CVE-2023-2061MEDIUM6.2ten sam produkt

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series...

CVE-2023-2062MEDIUM6.2ten sam produkt

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tool...