PT-2023-2998 · Mitsubishi · MELSEC iQ-F Series EtherNet/IP Module FX5-ENET/IP

Published: 2023-06-02 · Updated: 2024-11-14 · CVE-2023-2060

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 (affected versions not specified)
Mitsubishi Electric Corporation MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP (affected versions not specified)

Description

The issue is related to weak password requirements in the FTP function of the affected modules, allowing a remote unauthenticated attacker to access the module via FTP by dictionary attack or password sniffing. This can enable the attacker to gain full access to the device.

Recommendations

For Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91, consider disabling the FTP function until a patch is available.
For Mitsubishi Electric Corporation MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP, consider disabling the FTP function until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2023-03028
CVE-2023-2060

Affected Products

MELSEC iQ-F Series EtherNet/IP Module FX5-ENET/IP
MELSEC iQ-R Series EtherNet/IP Module RJ71EIP91