Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.
Applications vulnerable to this vulnerability accept an externally supplied library path through the RPC interface, which they then dynamically load without proper verification of its origin. An attacker connected to the product can pass a path pointing to a malicious library. The system loads this library and executes the code contained within it in the context of the application process, which is a classic example of an Unsafe Reflection attack.
A remote, unauthenticated attacker can execute arbitrary malicious code on a system with vulnerable software installed, which may lead to complete system takeover, loss of confidentiality, integrity, and availability of data and services.
Patches available from the vendor should be applied in accordance with the references (Mitsubishi Electric PSIRT bulletin: 2023-020 and CISA ICS-ADVISORY ICSA-24-030-02). Until updates are deployed, it is recommended to restrict network access to systems with vulnerable software and block unauthorized RPC connections at the firewall level.
Mitsubishi Electric EZSocket versions 3.0 to 5.92; GT Designer3 Version1 (GOT1000) versions 1.325P and earlier; GT Designer3 Version1 (GOT2000) versions 1.320J and earlier; GX Works2 versions 1.11M to 1.626C; GX Works3 versions 1.106L and earlier; MELSOFT Navigator versions 1.04E to 2.102G; MT Works2 versions 1.190Y and earlier; MX Component versions 4.00A to 5.007H; MX OPC Server DA/UA — all versions
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMitsubishielectric Ezsocket
APPMitsubishielectric≥ 3.0Mitsubishielectric Fr Configurator2
APPMitsubishielectricwszystkie wersjeMitsubishielectric Got1000
APPMitsubishielectricwszystkie wersjeMitsubishielectric Got2000
APPMitsubishielectricwszystkie wersjeMitsubishielectric Gx Works2
APPMitsubishielectric≥ 1.11mMitsubishielectric Gx Works3
APPMitsubishielectricwszystkie wersjeMitsubishielectric Mc Works64
APPMitsubishielectricwszystkie wersjeMitsubishielectric Melsoft Navigator
APPMitsubishielectric≥ 1.04eMitsubishielectric Mt Works2
APPMitsubishielectricwszystkie wersjeMitsubishielectric Mx Component
APPMitsubishielectric≥ 4.00a
Related vulnerabilities
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering softwar...
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.0...
Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mi...
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201...
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL command...