PT-2023-1684 · Mitsubishi · Melsec Iq-F Series Fx5-Enet/Ip +5

Heea Go +4 · Published 2023-03-02 · Updated 2023-06-21 · CVE-2023-0457

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric Corporation MELSEC iQ-F Series: all versions
Mitsubishi Electric Corporation MELSEC iQ-R Series: all versions
Mitsubishi Electric Corporation MELSEC-Q Series: all versions
Mitsubishi Electric Corporation MELSEC-L Series: all versions
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U CPU modules: all versions
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U(C) CPU modules: all versions
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ CPU modules: all versions
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S CPU modules: all versions
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET: all versions
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP: all versions

Description

The issue is a Plaintext Storage of a Password vulnerability that allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and log in to the FTP server or Web server.

Recommendations

For Mitsubishi Electric Corporation MELSEC iQ-F Series, consider disabling the storage of plaintext passwords in project files until a patch is available.
For Mitsubishi Electric Corporation MELSEC iQ-R Series, restrict access to the FTP server and Web server to minimize the risk of exploitation.
For Mitsubishi Electric Corporation MELSEC-Q Series, avoid using plaintext credentials in project files until the issue is resolved.
For Mitsubishi Electric Corporation MELSEC-L Series, restrict access to the FTP server and Web server to minimize the risk of exploitation.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U CPU modules, consider disabling the storage of plaintext passwords in project files until a patch is available.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U(C) CPU modules, restrict access to the FTP server and Web server to minimize the risk of exploitation.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ CPU modules, avoid using plaintext credentials in project files until the issue is resolved.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S CPU modules, restrict access to the FTP server and Web server to minimize the risk of exploitation.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET, consider disabling the storage of plaintext passwords in project files until a patch is available.
For Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP, restrict access to the FTP server and Web server to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2023-01255
CVE-2023-0457

Affected Products

Melsec Iq-F Series
Melsec Iq-F Series Fx5-Enet/Ip
Melsec Iq-F Series Fx5S Cpu Modules
Melsec Iq-R Series
Melsec-L Series
Melsec-Q Series