PT-2023-3007 · Mitsubishi · Melsec Iq-F Series Ethernet/Ip Module Fx5-Enet/Ip+1
Publicado
2023-06-01
·
Atualizado
2023-06-16
·
CVE-2023-2061
CVSS v3.1
6.2
Média
| Vetor | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 (affected versions not specified)
MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP (affected versions not specified)
Description
The issue is related to the use of hard-coded passwords in the FTP function of the affected modules. This allows a remote unauthenticated attacker to obtain the hard-coded password and access the module via FTP.
Recommendations
For MELSEC iQ-R Series EtherNet/IP module RJ71EIP91, consider disabling the FTP function until a patch is available.
For MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP, restrict access to the FTP module to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Melsec Iq-F Series Ethernet/Ip Module Fx5-Enet/Ip
Melsec Iq-R Series Ethernet/Ip Module Rj71Eip91