PT-2023-2810 · Mitsubishi · MELSEC WS Series WS0-GETH00200
Published: 2023-05-19 · Updated: 2023-08-23 · CVE-2023-1618
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 versions 2310 and prior
Description
The issue allows a remote unauthenticated attacker to bypass authentication and illegally log in to the affected module by connecting to it via telnet, a hidden function that is enabled by default when the module ships from the factory. Once logged in, the attacker can reset the module and, if certain conditions are met, disclose or tamper with the module's configuration or rewrite the firmware. The vulnerability is related to the absence of authentication in the communication module for the Mitsubishi Electric WS0-GETH00200 controller.
Recommendations
For versions 2310 and prior, consider disabling the telnet function as a temporary workaround until a patch is available. Restrict access to the module to minimize the risk of exploitation. Avoid using the telnet protocol to connect to the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Affected Products
MELSEC WS Series WS0-GETH00200