CVE-2023-1618

Authentication Bypass Vulnerability in MELSEC WS Series Ethernet Interface Module

Description

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware.

References

Link	Tags
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-002_en.pdf	vendor advisory
https://jvn.jp/vu/JVNVU96063959	third party advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-02	mitigation third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2023-1618?: CVE-2023-1618 has been scored as a high severity vulnerability.
How to fix CVE-2023-1618?: To fix CVE-2023-1618, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-1618 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-1618 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-1618?: CVE-2023-1618 affects Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200.

Description

Categories

CWE-489 – Active Debug Code

CWE-1188 – Initialization of a Resource with an Insecure Default

References

Frequently Asked Questions