Details of VAR-202311-0148

ID

VAR-202311-0148

CVE

CVE-2023-4625

TITLE

Vulnerability related to inappropriate restriction of excessive authentication attempts in multiple Mitsubishi Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2023-016980

DESCRIPTION

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login. fx5u-32mt/es firmware, fx5u-64mt/es firmware, fx5u-80mt/es Multiple Mitsubishi Electric products, including firmware, contain a vulnerability related to improper restriction of excessive authentication attempts.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-4625 // JVNDB: JVNDB-2023-016980 // VULMON: CVE-2023-4625

AFFECTED PRODUCTS

vendor:	mitsubishielectric	model:	fx5u-64mt\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-96mt\/d	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-80mt\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-24mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-60mt\/dss	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-80mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-60mt\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-64mt\/dss	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-80mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-80mt\/dss	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-80mr\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-60mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-96mt\/dss	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-30mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-80mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-24mr\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-32mr\/ds-ts	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-40mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-24mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-60mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-40mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-60mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-32mt\/dss-ts	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-40mt\/dss	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-40mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-24mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-32mt\/dss	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-60mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-30mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-32mt\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-80mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-40mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-64mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-32mr\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-40mt\/es-a	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-64mt\/d	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-40mr\/es-a	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-24mr\/es-a	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-32mt\/d	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-60mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-64mt\/dss	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-40mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-24mt\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-32mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-80mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-32mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-64mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-60mr\/es-a	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-32mt\/dss	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-60mr\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-64mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-60mt\/es-a	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-80mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-40mr\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-24mt\/dss	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-64mr\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-40mt\/ds	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-40mt\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5s-30mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5u-32mr\/es	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-24mt\/es-a	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uc-32mt\/ds-ts	scope:	eq	version:	-	Trust: 1.0
vendor:	mitsubishielectric	model:	fx5uj-60mt\/ess	scope:	eq	version:	-	Trust: 1.0
vendor:	三菱電機	model:	fx5u-32mr/ds	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-64mt/ds	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-64mt/dss	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-64mt/ess	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5uc-32mt/d	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-64mt/es	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-32mt/dss	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-80mr/es	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-64mr/ds	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-80mt/es	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-32mt/ess	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-80mt/ess	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5uc-64mt/d	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-64mr/es	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-80mr/ds	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-32mt/ds	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-32mt/es	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-32mr/es	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-80mt/ds	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	fx5u-80mt/dss	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-016980 // NVD: CVE-2023-4625

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-4625
value:	MEDIUM
Trust: 1.0
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp:	CVE-2023-4625
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-4625
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2023-4625
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2023-4625
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-016980 // NVD: CVE-2023-4625 // NVD: CVE-2023-4625

PROBLEMTYPE DATA

problemtype:	CWE-307	Trust: 1.0
problemtype:	Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-016980 // NVD: CVE-2023-4625

EXTERNAL IDS

db:	NVD	id:	CVE-2023-4625	Trust: 2.7
db:	ICS CERT	id:	ICSA-23-306-02	Trust: 1.9
db:	JVN	id:	JVNVU94620134	Trust: 1.9
db:	JVNDB	id:	JVNDB-2023-016980	Trust: 0.8
db:	VULMON	id:	CVE-2023-4625	Trust: 0.1

sources: VULMON: CVE-2023-4625 // JVNDB: JVNDB-2023-016980 // NVD: CVE-2023-4625

REFERENCES

url:	https://jvn.jp/vu/jvnvu94620134	Trust: 1.9
url:	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdf	Trust: 1.9
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2023-4625	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-4625 // JVNDB: JVNDB-2023-016980 // NVD: CVE-2023-4625

SOURCES

db:	VULMON	id:	CVE-2023-4625
db:	JVNDB	id:	JVNDB-2023-016980
db:	NVD	id:	CVE-2023-4625

LAST UPDATE DATE

2024-08-14T12:29:14.523000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-4625	date:	2023-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2023-016980	date:	2024-01-05T06:28:00
db:	NVD	id:	CVE-2023-4625	date:	2024-02-15T06:15:45.757

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-4625	date:	2023-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2023-016980	date:	2024-01-05T00:00:00
db:	NVD	id:	CVE-2023-4625	date:	2023-11-06T05:15:15.187