HIGH🇬🇧 English

CVE-2023-2060

CVSS 7.5v3.1pub. 2023-06-02upd. 2024-11-21

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Mitsubishielectric Fx5 Enet\/ip

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Fx5 Enet\/ip Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Rj71eip91

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Rj71eip91 Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Sw1dnn Eipct Bd

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Sw1dnn Eipct Bd Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Sw1dnn Eipctfx5 Bd

    HW
    Mitsubishielectric
    wszystkie wersje
  • Mitsubishielectric Sw1dnn Eipctfx5 Bd Firmware

    OS
    Mitsubishielectric
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2020-16226CRITICAL9.8ten sam produkt

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious a...

CVE-2023-0457HIGH7.5ten sam produkt

Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ...

CVE-2023-2061MEDIUM6.2ten sam produkt

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series...

CVE-2023-2062MEDIUM6.2ten sam produkt

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tool...

CVE-2023-2063MEDIUM6.3ten sam produkt

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporati...