CVE-2023-6815
Published: Feb 13, 2024
Modified: Aug 2, 2024
CVSS v3.1
6.5
Description
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.
| Vendor | Product | Versions |
|---|---|---|
Mitsubishi Electric Corporation | MELSEC iQ-R Series Safety CPU R08SFCPU | affected all versions |
Mitsubishi Electric Corporation | MELSEC iQ-R Series Safety CPU R16SFCPU | affected all versions |
Mitsubishi Electric Corporation | MELSEC iQ-R Series Safety CPU R32SFCPU | affected all versions |
Mitsubishi Electric Corporation | MELSEC iQ-R Series Safety CPU R120SFCPU | affected all versions |
Mitsubishi Electric Corporation | MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU | affected all versions |
Mitsubishi Electric Corporation | MELSEC iQ-R Series SIL2 Process CPU R16PSFCPU | affected all versions |
Mitsubishi Electric Corporation | MELSEC iQ-R Series SIL2 Process CPU R32PSFCPU | affected all versions |
Mitsubishi Electric Corporation | MELSEC iQ-R Series SIL2 Process CPU R120PSFCPU | affected all versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now