CVE-2023-4088

Published: Sep 20, 2023

Modified: Sep 24, 2024

PUBLISHED

CVSS v3.1

9.3

CRITICAL

Description

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.

Vendor	Product	Versions
Mitsubishi Electric Corporation	GX Works3	affected `all versions`
Mitsubishi Electric Corporation	AL-PCS/WIN-E	affected `all versions`
Mitsubishi Electric Corporation	CPU Module Logging Configuration Tool	affected `all versions`
Mitsubishi Electric Corporation	EZSocket	affected `all versions`
Mitsubishi Electric Corporation	FR Configurator2	affected `all versions`
Mitsubishi Electric Corporation	FX Configurator-EN	affected `all versions`
Mitsubishi Electric Corporation	FX Configurator-EN-L	affected `all versions`
Mitsubishi Electric Corporation	FX Configurator-FP	affected `all versions`
Mitsubishi Electric Corporation	GT Designer3 Version1(GOT1000)	affected `all versions`
Mitsubishi Electric Corporation	GT Designer3 Version1(GOT2000)	affected `all versions`
Mitsubishi Electric Corporation	GT SoftGOT1000 Version3	affected `all versions`
Mitsubishi Electric Corporation	GT SoftGOT2000 Version1	affected `all versions`
Mitsubishi Electric Corporation	GX LogViewer	affected `all versions`
Mitsubishi Electric Corporation	GX Works2	affected `all versions`
Mitsubishi Electric Corporation	MELSOFT FieldDeviceConfigurator	affected `all versions`
Mitsubishi Electric Corporation	MELSOFT iQ AppPortal	affected `all versions`
Mitsubishi Electric Corporation	MELSOFT MaiLab	affected `all versions`
Mitsubishi Electric Corporation	MELSOFT Navigator	affected `all versions`
Mitsubishi Electric Corporation	MELSOFT Update Manager	affected `all versions`
Mitsubishi Electric Corporation	MX Component	affected `all versions`
Mitsubishi Electric Corporation	MX Sheet	affected `all versions`
Mitsubishi Electric Corporation	PX Developer	affected `all versions`
Mitsubishi Electric Corporation	RT ToolBox3	affected `all versions`
Mitsubishi Electric Corporation	RT VisualBox	affected `all versions`
Mitsubishi Electric Corporation	Data Transfer	affected `all versions`
Mitsubishi Electric Corporation	Data Transfer Classic	affected `all versions`

Weaknesses (CWE)

CWE-276

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf

vendor-advisory

https://jvn.jp/vu/JVNVU96447193/index.html

government-resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03

government-resource

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-4088

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References