CVE-2023-6942

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric EZSocket versions 3.0 to 5.92 Mitsubishi Electric GT Designer3 Version1(GOT1000) versions 1.325P and prior Mitsubishi Electric GT Designer3 Version1(GOT2000) versions 1.320J and prior Mitsubishi Electric GX Works2 versions 1.11M and later Mitsubishi Electric GX Works3 versions 1.106L and prior Mitsubishi Electric MELSOFT Navigator versions 1.04E to 2.102G Mitsubishi Electric MT Works2 versions 1.190Y and prior Mitsubishi Electric MX Component versions 4.00A to 5.007H Mitsubishi Electric MX OPC Server DA/UA all versions Mitsubishi Electric FR Configurator2 all versions

Description The issue is related to a lack of authentication for a critical function, allowing a remote attacker to gain unauthorized access to confidential information by sending specially crafted packets. This can enable the attacker to bypass authentication and connect to the products illegally.

Recommendations For Mitsubishi Electric EZSocket versions 3.0 to 5.92, update to a version that includes a fix for this issue. For Mitsubishi Electric GT Designer3 Version1(GOT1000) versions 1.325P and prior, update to a version that includes a fix for this issue. For Mitsubishi Electric GT Designer3 Version1(GOT2000) versions 1.320J and prior, update to a version that includes a fix for this issue. For Mitsubishi Electric GX Works2 versions 1.11M and later, update to a version that includes a fix for this issue. For Mitsubishi Electric GX Works3 versions 1.106L and prior, update to a version that includes a fix for this issue. For Mitsubishi Electric MELSOFT Navigator versions 1.04E to 2.102G, update to a version that includes a fix for this issue. For Mitsubishi Electric MT Works2 versions 1.190Y and prior, update to a version that includes a fix for this issue. For Mitsubishi Electric MX Component versions 4.00A to 5.007H, update to a version that includes a fix for this issue. For Mitsubishi Electric MX OPC Server DA/UA all versions, update to a version that includes a fix for this issue. For Mitsubishi Electric FR Configurator2 all versions, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.