PT-2023-3094 · Mitsubishi · MELSEC iQ-R Series EtherNet/IP Module RJ71EIP91 (+3 other products)

Published: 2023-06-01 · Updated: 2024-10-31 · CVE-2023-2062

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD
MELSEC iQ-R Series EtherNet/IP module RJ71EIP91
MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP

Description

The issue is related to missing password field masking in the Mitsubishi Electric Corporation EtherNet/IP configuration tools, allowing a remote unauthenticated attacker to obtain the password for the MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and the MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This results in an authentication bypass, enabling the attacker to access the modules via FTP. The vulnerability is associated with insufficient protection of password input fields.

Recommendations

For SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD, consider implementing proper password field masking to prevent unauthorized access. For MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP, restrict FTP access until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2023-03185
CVE-2023-2062

Affected Products

MELSEC iQ-F Series EtherNet/IP Module FX5-ENET/IP
MELSEC iQ-R Series EtherNet/IP Module RJ71EIP91
SW1DNN-EIPCT-BD
SW1DNN-EIPCTFX5-BD