2024-02-13 09:00:34 +00:00
{
"id" : "CVE-2023-6815" ,
"sourceIdentifier" : "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" ,
"published" : "2024-02-13T07:15:46.843" ,
2024-10-22 14:04:58 +00:00
"lastModified" : "2024-10-22T12:58:28.877" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2024-02-13 09:00:34 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet."
2024-04-04 08:46:00 +00:00
} ,
{
"lang" : "es" ,
"value" : "Vulnerabilidad de asignaci\u00f3n de privilegios incorrecta en Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU todas las versiones y MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU todas las versiones permite a un atacante autenticado remoto que haya iniciado sesi\u00f3n ingresa al producto como usuario no administrador para revelar las credenciales (ID de usuario y contrase\u00f1a) de un usuario con un nivel de acceso m\u00e1s bajo que el atacante mediante el env\u00edo de un paquete especialmente manipulado."
2024-02-13 09:00:34 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2024-10-22 14:04:58 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
} ,
2024-02-13 09:00:34 +00:00
{
"source" : "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
}
]
} ,
"weaknesses" : [
{
"source" : "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-266"
}
]
}
] ,
2024-10-22 14:04:58 +00:00
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "66D3AC7B-50E0-47D5-B0D1-07329D724EFE"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B185323A-C9E3-48A0-AD28-DA7AC7846E18"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AA81D5C7-46C8-4F0E-9550-D240DC0366F3"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C4BBE066-33C4-4410-85D3-4B77B3773330"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7FB53D61-6C69-4A4A-92B1-C10D0B8F0EC9"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6F6304BE-DAEE-49AB-B0B1-CEE6878CBECE"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8218130C-4E7D-4FB9-976B-2351977C82D4"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "515BDC46-5A1C-4A94-816A-B4751BB1B58D"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5A63D33D-302A-428C-986F-FC3F83CE9C86"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EA37F2FC-8F75-4FEA-882D-87AD5CC1558E"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FFB42739-E503-44B2-A020-0DB2B8791A81"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "17AD5875-B7D7-498B-9484-23049753133E"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3B1F532B-8EAF-4E66-9AF5-5EEFF5A0BC23"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0EC2594C-6067-40BA-B8B2-AEC9B9C7922F"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B2C03EA2-34BF-4F86-A19C-2818788E092B"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CA3FB3E1-D7D3-424B-A207-D3C6F4365D12"
}
]
}
]
}
] ,
2024-02-13 09:00:34 +00:00
"references" : [
{
"url" : "https://jvn.jp/vu/JVNVU95085830/index.html" ,
2024-10-22 14:04:58 +00:00
"source" : "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" ,
"tags" : [
"Third Party Advisory"
]
2024-02-13 09:00:34 +00:00
} ,
2024-02-14 17:08:46 +00:00
{
"url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-044-01" ,
2024-10-22 14:04:58 +00:00
"source" : "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" ,
"tags" : [
"Third Party Advisory" ,
"US Government Resource"
]
2024-02-14 17:08:46 +00:00
} ,
2024-02-13 09:00:34 +00:00
{
"url" : "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-021_en.pdf" ,
2024-10-22 14:04:58 +00:00
"source" : "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" ,
"tags" : [
"Mitigation" ,
"Vendor Advisory"
]
2024-02-13 09:00:34 +00:00
}
]
}
