Unrated severityNVD Advisory· Published Jun 2, 2023· Updated Mar 5, 2025
Information Disclosure vulnerability in EtherNet/IP Configuration tools
CVE-2023-2062
Description
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Mitsubishi Electric Corporation/EtherNet/IP Configuration tool for FX5-ENET/IP SW1DNN-EIPCTFX5-BDv5Range: Software version "1.01B" and prior
- Mitsubishi Electric Corporation/EtherNet/IP Configuration tool for RJ71EIP91 SW1DNN-EIPCT-BDv5Range: Software version "1.01B" and prior
Patches
Vulnerability mechanics
References
3- www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdfmitrevendor-advisory
- jvn.jp/vu/JVNVU92908006mitregovernment-resource
- www.cisa.gov/news-events/ics-advisories/icsa-23-157-02mitregovernment-resource
News mentions
0No linked articles in our index yet.