{ "id": "CVE-2023-4088", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2023-09-20T03:15:13.687", "lastModified": "2024-11-21T08:34:21.840", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder." }, { "lang": "es", "value": "Vulnerabilidad de Permisos Predeterminados Incorrectos debido a una soluci\u00f3n incompleta para abordar CVE-2020-14496 en los productos de software de ingenier\u00eda de Mitsubishi Electric Corporation FA permite que un atacante local malicioso ejecute un c\u00f3digo malicioso, lo que podr\u00eda resultar en la divulgaci\u00f3n, manipulaci\u00f3n y eliminaci\u00f3n de informaci\u00f3n, o una condici\u00f3n de denegaci\u00f3n fuera de servicio (DoS). Sin embargo, si la versi\u00f3n mitigada descrita en el aviso para CVE-2020-14496 se utiliza y se instala en la carpeta de instalaci\u00f3n predeterminada, esta vulnerabilidad no afecta a los productos." } ], "metrics": { "cvssMetricV31": [ { "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.5, "impactScore": 6.0 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-276" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-276" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4AEDEEE-5070-41E2-B4DC-6DE8456BC028" } ] } ] } ], "references": [ { "url": "https://jvn.jp/vu/JVNVU96447193/index.html", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" }, { "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": [ "Vendor Advisory" ] }, { "url": "https://jvn.jp/vu/JVNVU96447193/index.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }