Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-6943

CVSS 9.8 · Critical EPSS 3.97% · P88
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-6943

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用外部可控制的输入来选择类或代码(不安全的反射)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mitsubishi Electric 多款产品安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mitsubishi Electric FR Configurator2等都是日本三菱电机(Mitsubishi Electric)公司的产品。Mitsubishi Electric FR Configurator2是一款变频器驱动配置应用程序。Mitsubishi Electric GT Designer3是一套人机界面编程软件。Mitsubishi Electric GX Works2是一款可编程控制器。 Mitsubishi Electric 多款产品存在安全漏洞。远程攻击者利用该漏洞通过通过 RP
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
Mitsubishi Electric CorporationEZSocket 3.0 to 5.92 -
Mitsubishi Electric CorporationGT Designer3 Version1(GOT1000) 1.325P and prior -
Mitsubishi Electric CorporationGT Designer3 Version1(GOT2000) 1.320J and prior -
Mitsubishi Electric CorporationGX Works2 1.11M to 1.626C -
Mitsubishi Electric CorporationGX Works3 1.106L and prior -
Mitsubishi Electric CorporationMELSOFT Navigator 1.04E to 2.102G -
Mitsubishi Electric CorporationMT Works2 1.190Y and prior -
Mitsubishi Electric CorporationMX Component 4.00A to 5.007H -
Mitsubishi Electric CorporationMX OPC Server DA/UA all versions -

II. Public POCs for CVE-2023-6943

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-6943

登录查看更多情报信息。

Same Patch Batch · Mitsubishi Electric Corporation · 2024-01-30 · 3 CVEs total

CVE-2023-69427.5 HIGHMitsubishi Electric 多款产品安全漏洞
CVE-2023-63745.9 MEDIUMMitsubishi Electric MELSEC WS Series 安全漏洞

IV. Related Vulnerabilities

Same product: EZSocket
Same vendor: Mitsubishi Electric Corporation
Same weakness: CWE-470

V. Comments for CVE-2023-6943

No comments yet

Leave a comment