PT-2023-3766 · Mitsubishi · Melsec Iq-R Series Ethernet/Ip Module Rj71Eip91+1

Published: 2023-06-01 · Updated: 2023-06-16 · CVE-2023-2063

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 (affected versions not specified)
MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP (affected versions not specified)

Description

The issue is related to an unrestricted upload of files with dangerous types in the FTP function. This can allow a remote attacker to compromise the target system, potentially leading to information disclosure, tampering, deletion, or destruction via file upload/download. The attacker may exploit this for further attacks.

Recommendations

For MELSEC iQ-R Series EtherNet/IP module RJ71EIP91, restrict access to the FTP function until a patch is available. For MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP, consider disabling the FTP function temporarily to minimize the risk of exploitation. Avoid using the FTP function for uploading or downloading files until the issue is resolved.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2023-04055
CVE-2023-2063

Affected Products

Melsec Iq-F Series Ethernet/Ip Module Fx5-Enet/Ip
Melsec Iq-R Series Ethernet/Ip Module Rj71Eip91