Mitsubishi Electric GX Works2


1. EXECUTIVE SUMMARY

  • CVSS v3 2.9
  • ATTENTION: Exploitable locally
  • Vendor: Mitsubishi Electric Corporation
  • Equipment: GX Works2
  • Vulnerability: Denial-of-Service

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service (DoS) condition in the simulation function of GX Works2 by sending specially crafted packets. The underlying cause is improper input validation.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

  • GX Works2: all versions

3.2 VULNERABILITY OVERVIEW

3.2.1 Improper Input Validation CWE-20

An attacker may be able to cause a denial-of-service (DoS) condition in the simulation function by sending specially crafted packets. However, the attacker would need to send the packets from the same personal computer on which the function is running.

CVE-2023-5274 has been assigned to this vulnerability. A CVSS v3.1 base score of 2.9 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).

3.2.2 Improper Input Validation CWE-20

An attacker may be able to cause a denial-of-service (DoS) condition in the simulation function by sending specially crafted packets. However, the attacker would need to send the packets from the same personal computer on which the function is running.

CVE-2023-5275 has been assigned to this vulnerability. A CVSS v3.1 base score of 2.9 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).

3.3 BACKGROUND

[…]

This article has been indexed from All CISA Advisories
