CVSS score: 7.5 (HIGH)
CVE-2023-0457
Mitsubishi Electric Corporation MELSEC Firmware Password Disclosure Vulnerability
Description

Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and log in to the FTP server or Web server.

INFO

Published Date: March 3, 2023, 5:15 a.m.

Last Modified: June 21, 2023, 5:15 a.m.

Remotely Exploitable: Yes

Impact Score: 3.6

Exploitability Score: 3.9
Public PoC/Exploit Available at Github

CVE-2023-0457 has 1 public PoC/exploit available on GitHub.

Affected Products

The following products are affected by CVE-2023-0457 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Mitsubishielectric fx5uc-32mt\/d_firmware
2 Mitsubishielectric fx5uc-64mt\/d_firmware
3 Mitsubishielectric fx5uc-96mt\/d_firmware
4 Mitsubishielectric fx5uc-32mt\/dss_firmware
5 Mitsubishielectric fx5uc-64mt\/dss_firmware
6 Mitsubishielectric fx5uc-96mt\/dss_firmware
7 Mitsubishielectric fx5uc-32mt\/ds-ts_firmware
8 Mitsubishielectric fx5uc-32mt\/dss-ts_firmware
9 Mitsubishielectric fx5uc-32mr\/ds-ts_firmware
10 Mitsubishielectric fx5uj-24mt\/es_firmware
11 Mitsubishielectric fx5uj-40mt\/es_firmware
12 Mitsubishielectric fx5uj-60mt\/es_firmware
13 Mitsubishielectric fx5uj-24mr\/es_firmware
14 Mitsubishielectric fx5uj-40mr\/es_firmware
15 Mitsubishielectric fx5uj-60mr\/es_firmware
16 Mitsubishielectric fx5uj-24mt\/ess_firmware
17 Mitsubishielectric fx5uj-40mt\/ess_firmware
18 Mitsubishielectric fx5uj-60mt\/ess_firmware
19 Mitsubishielectric fx5uj-24mt\/es-a_firmware
20 Mitsubishielectric fx5uj-40mt\/es-a_firmware
21 Mitsubishielectric fx5uj-60mt\/es-a_firmware
22 Mitsubishielectric fx5uj-24mr\/es-a_firmware
23 Mitsubishielectric fx5uj-40mr\/es-a_firmware
24 Mitsubishielectric fx5uj-60mr\/es-a_firmware
25 Mitsubishielectric fx5s-30mt\/es_firmware
26 Mitsubishielectric fx5s-40mt\/es_firmware
27 Mitsubishielectric fx5s-60mt\/es_firmware
28 Mitsubishielectric fx5s-80mt\/es_firmware
29 Mitsubishielectric fx5s-30mr\/es_firmware
30 Mitsubishielectric fx5s-40mr\/es_firmware
31 Mitsubishielectric fx5s-60mr\/es_firmware
32 Mitsubishielectric fx5s-80mr\/es_firmware
33 Mitsubishielectric fx5s-30mt\/ess_firmware
34 Mitsubishielectric fx5s-40mt\/ess_firmware
35 Mitsubishielectric fx5s-60mt\/ess_firmware
36 Mitsubishielectric fx5s-80mt\/ess_firmware
37 Mitsubishielectric fx5-enet_firmware
38 Mitsubishielectric fx5-enet\/ip_firmware
39 Mitsubishielectric melsec_iq-fx5u-32mt\/es_firmware
40 Mitsubishielectric melsec_iq-fx5u-32mt\/ds_firmware
41 Mitsubishielectric melsec_iq-fx5u-32mt\/ess_firmware
42 Mitsubishielectric melsec_iq-fx5u-32mt\/dss_firmware
43 Mitsubishielectric melsec_iq-fx5u-32mr\/es_firmware
44 Mitsubishielectric melsec_iq-fx5u-32mr\/ds_firmware
45 Mitsubishielectric melsec_iq-fx5u-64mt\/es_firmware
46 Mitsubishielectric melsec_iq-fx5u-64mt\/ds_firmware
47 Mitsubishielectric melsec_iq-fx5u-64mt\/ess_firmware
48 Mitsubishielectric melsec_iq-fx5u-64mt\/dss_firmware
49 Mitsubishielectric melsec_iq-fx5u-64mr\/es_firmware
50 Mitsubishielectric melsec_iq-fx5u-64mr\/ds_firmware
51 Mitsubishielectric melsec_iq-fx5u-80mt\/es_firmware
52 Mitsubishielectric melsec_iq-fx5u-80mt\/ds_firmware
53 Mitsubishielectric melsec_iq-fx5u-80mt\/ess_firmware
54 Mitsubishielectric melsec_iq-fx5u-80mt\/dss_firmware
55 Mitsubishielectric melsec_iq-fx5u-80mr\/es_firmware
56 Mitsubishielectric melsec_iq-fx5u-80mr\/ds_firmware
57 Mitsubishielectric melsec_iq-fx5uc-32mt\/ds-ts_firmware
58 Mitsubishielectric melsec_iq-fx5uc-32mt\/dss-ts_firmware
59 Mitsubishielectric melsec_iq-fx5uc-32mr\/ds-ts_firmware
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-0457.

URL Resource
https://jvn.jp/vu/JVNVU93891523/index.html Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01 Mitigation Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

Introduction

Updated: 1 year, 6 months ago
1 star, 0 forks, 0 watchers
Created: Jan. 13, 2023, 8:11 a.m. This repo has also been linked to 8 different CVEs.

The following table lists the changes that have been made to the CVE-2023-0457 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Jun. 21, 2023

    Action Type Old Value New Value
    Changed Description
    Old Value: Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U(C) CPU modules all models all versions, FX5UJ CPU modules all models all versions, FX5S CPU modules all models all versions, FX5-ENET all versions and FX5-ENET/IP all versions allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.
    New Value: Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.
  • Initial Analysis by [email protected]

    Mar. 14, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    Changed Reference Type https://jvn.jp/vu/JVNVU93891523/index.html No Types Assigned https://jvn.jp/vu/JVNVU93891523/index.html Third Party Advisory
    Changed Reference Type https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01 No Types Assigned https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01 Mitigation, Third Party Advisory, US Government Resource
    Changed Reference Type https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf No Types Assigned https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf Vendor Advisory
    Added CWE NIST CWE-522
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-0457 is associated with the following CWEs:

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.20 (-0.06%)

Percentile: 0.58300
