VYPR
Unrated severity · NVD Advisory · Published Jan 30, 2024 · Updated Sep 19, 2025

CVE-2023-6943

Description

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute malicious code by RPC with a path to a malicious library while connected to the products.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unsafe reflection vulnerability in multiple Mitsubishi Electric FA engineering software products allows remote unauthenticated attackers to execute malicious code via RPC.

Vulnerability

An unsafe reflection vulnerability (CWE-470) exists in several Mitsubishi Electric FA engineering software products. The affected products and versions are: EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H, and MX OPC Server DA/UA (software packaged with MC Works64) all versions [1][2]. The vulnerability allows externally-controlled input to select classes or code, enabling unsafe reflection.

Exploitation

To exploit this vulnerability, an attacker must be connected to the affected product remotely. While connected, the attacker can call a function with a path to a malicious library via RPC [1][2]. No authentication is required for this step, and the attack is remotely exploitable with low complexity [2]. The attacker sends a crafted request that includes a reference to a malicious library, and the product then loads and executes the attacker-supplied code.

Impact

Successful exploitation allows the attacker to execute arbitrary malicious code on the affected product [1][2]. This can lead to disclosure, tampering, destruction, or deletion of information, as well as causing a denial-of-service (DoS) condition on the products [1][2]. The attacker gains the ability to perform these actions without any prior authorization.

Mitigation

Mitsubishi Electric has released updated versions for some of the affected products. Users should refer to the vendor's information for the specific fixed version for each product [1]. For MX OPC Server DA/UA, no patch is currently available; users are advised to apply workarounds as recommended by the vendor [1][2]. Users should also consider network segmentation and access controls to limit exposure to untrusted networks.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 17
