ID

VAR-202311-0148


CVE

CVE-2023-4625


TITLE

Vulnerability related to inappropriate restriction of excessive authentication attempts in multiple Mitsubishi Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2023-016980

DESCRIPTION

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login. fx5u-32mt/es firmware, fx5u-64mt/es firmware, fx5u-80mt/es Multiple Mitsubishi Electric products, including firmware, contain a vulnerability related to improper restriction of excessive authentication attempts.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-4625 // JVNDB: JVNDB-2023-016980 // VULMON: CVE-2023-4625

AFFECTED PRODUCTS

vendor:mitsubishielectricmodel:fx5u-64mt\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uc-96mt\/dscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-80mt\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-24mt\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-60mt\/dssscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-80mt\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-60mt\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-64mt\/dssscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-80mr\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-80mt\/dssscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-80mr\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-60mt\/essscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uc-96mt\/dssscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-30mt\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-80mr\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-24mr\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uc-32mr\/ds-tsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-40mr\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-24mt\/essscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-60mr\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-40mt\/essscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-60mt\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uc-32mt\/dss-tsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-40mt\/dssscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-40mt\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-24mr\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-32mt\/dssscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-60mr\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-30mt\/essscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-32mt\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-80mt\/essscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-40mt\/essscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-64mt\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-32mr\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-40mt\/es-ascope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uc-64mt\/dscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-40mr\/es-ascope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-24mr\/es-ascope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uc-32mt\/dscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-60mt\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uc-64mt\/dssscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-40mr\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-24mt\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-32mt\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-80mt\/essscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-32mt\/essscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-64mt\/essscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-60mr\/es-ascope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uc-32mt\/dssscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-60mr\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-64mr\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-60mt\/es-ascope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-80mt\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-40mr\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-24mt\/dssscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-64mr\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-40mt\/dsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-40mt\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5s-30mr\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5u-32mr\/esscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-24mt\/es-ascope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uc-32mt\/ds-tsscope:eqversion: -

Trust: 1.0

vendor:mitsubishielectricmodel:fx5uj-60mt\/essscope:eqversion: -

Trust: 1.0

vendor:三菱電機model:fx5u-32mr/dsscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-64mt/dsscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-64mt/dssscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-64mt/essscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5uc-32mt/dscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-64mt/esscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-32mt/dssscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-80mr/esscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-64mr/dsscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-80mt/esscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-32mt/essscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-80mt/essscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5uc-64mt/dscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-64mr/esscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-80mr/dsscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-32mt/dsscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-32mt/esscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-32mr/esscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-80mt/dsscope: - version: -

Trust: 0.8

vendor:三菱電機model:fx5u-80mt/dssscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-016980 // NVD: CVE-2023-4625

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-4625
value: MEDIUM

Trust: 1.0

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp: CVE-2023-4625
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-4625
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2023-4625
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2023-4625
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-016980 // NVD: CVE-2023-4625 // NVD: CVE-2023-4625

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.0

problemtype:Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-016980 // NVD: CVE-2023-4625

EXTERNAL IDS

db:NVDid:CVE-2023-4625

Trust: 2.7

db:ICS CERTid:ICSA-23-306-02

Trust: 1.9

db:JVNid:JVNVU94620134

Trust: 1.9

db:JVNDBid:JVNDB-2023-016980

Trust: 0.8

db:VULMONid:CVE-2023-4625

Trust: 0.1

sources: VULMON: CVE-2023-4625 // JVNDB: JVNDB-2023-016980 // NVD: CVE-2023-4625

REFERENCES

url:https://jvn.jp/vu/jvnvu94620134

Trust: 1.9

url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdf

Trust: 1.9

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-4625

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-4625 // JVNDB: JVNDB-2023-016980 // NVD: CVE-2023-4625

SOURCES

db:VULMONid:CVE-2023-4625
db:JVNDBid:JVNDB-2023-016980
db:NVDid:CVE-2023-4625

LAST UPDATE DATE

2024-08-14T12:29:14.523000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-4625date:2023-11-06T00:00:00
db:JVNDBid:JVNDB-2023-016980date:2024-01-05T06:28:00
db:NVDid:CVE-2023-4625date:2024-02-15T06:15:45.757

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-4625date:2023-11-06T00:00:00
db:JVNDBid:JVNDB-2023-016980date:2024-01-05T00:00:00
db:NVDid:CVE-2023-4625date:2023-11-06T05:15:15.187