Published: 30/01/2024 Updated: 08/02/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated malicious user to execute a malicious code by RPC with a path to a malicious library while connected to the products.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mitsubishielectric fr configurator2
mitsubishielectric mt works2
mitsubishielectric gx works3
mitsubishielectric mc works64
mitsubishielectric mx component
mitsubishielectric melsoft navigator
mitsubishielectric gx works2
mitsubishielectric got2000
mitsubishielectric got1000
mitsubishielectric ezsocket

Critical Infrastructure Sectors: Critical Manufacturing

CWE-470 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf https://jvn.jp/vu/JVNVU95103362 https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-6943

Vulnerability Summary

Vulnerability Trend

ICS Advisories

References

Vulmon Search

About

Products

Connect