CVE-2023-5247

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric FA Engineering Software Products (affected versions not specified) MELSOFT iQ AppPortal (affected versions not specified) MELSOFT Navigator (affected versions not specified) Motion Control Setting (affected versions not specified) GX Works3 (affected versions not specified)

Description The issue allows a malicious attacker to execute malicious code by having legitimate users open a specially crafted project file. This could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. The vulnerability is related to external control of file name or path.

Recommendations For Mitsubishi Electric FA Engineering Software Products, consider restricting access to project files from untrusted sources until a patch is available. For MELSOFT iQ AppPortal, avoid opening specially crafted project files until the issue is resolved. For MELSOFT Navigator, restrict access to vulnerable modules to minimize the risk of exploitation. For Motion Control Setting, consider disabling the vulnerable function until a patch is available. For GX Works3, avoid using vulnerable parameters in project files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.