CVE-2023-1618
published 2023-05-19CVE-2023-1618: Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote…
PriorityP258high8.6CVSS 3.1
AVNACLPRNUINSUCLIHAL
EPSS
1.13%
62.4th percentile
Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 5.11.0 < 5.15.111 | 5.15.111 |
| linux | linux_kernel | >= 5.16.0 < 6.1.28 | 6.1.28 |
| linux | linux_kernel | >= 5.6.0 < 5.10.180 | 5.10.180 |
| linux | linux_kernel | >= 6.2.0 < 6.2.15 | 6.2.15 |
| linux | linux_kernel | >= 6.3.0 < 6.3.2 | 6.3.2 |
| mitsubishi_electric_corporation | melsec_ws_series_ws0-geth00200 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated inbound Telnet (TCP/23) connections to MELSEC WS0-GETH00200 devices, especially with no password supplied (empty password at prompt). ↗
- →Alert on any Telnet session established to WS0-GETH00200 modules with serial numbers 2310**** and prior, as the hidden Telnet service is enabled by default on these units. ↗
- →Flag Telnet traffic originating from external/untrusted networks destined for OT/ICS segments hosting MELSEC WS Series ethernet interface modules. ↗
- →Detect post-authentication Telnet commands that could indicate firmware rewrite or configuration tampering on the affected module. ↗
- ·The Telnet service is a hidden function enabled by default at factory shipment on serial numbers 2310**** and prior; patched units are serial numbers 2311**** and later. ↗
- ·The Telnet password on vulnerable units defaults to empty (no password), allowing unauthenticated access; the password can be set to up to 15 characters as a workaround. ↗
- ·Exploitation requires only network reachability with no authentication and low attack complexity (CVSS v3 AV:N/AC:L/PR:N/UI:N). ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
vendor_redhat·2025-12-24
CVE-2023-54068 kernel: f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
kernel: f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
BUG_ON() will be triggered when writing files concurrently,
because the same page is writtenback multiple times.
1597 void folio_end_writeback(struct folio *folio)
1598 {
......
1618 if (!__folio_end_writeback(folio))
1619 BUG();
......
1625 }
kernel BUG at mm/filemap.c:1619!
Call Trace:
f2fs_write_end_io+0x1a0/0x370
blk_update_request+0x6c/0x410
blk_mq_end_request+0x15/0x130
blk_complete_reqs+0x3c/0x50
__do_softirq+0xb8/0x29b
? sort_range+0x20/0x20
run_ksoftirqd+0x19/0x20
smpboot_thread_fn+0x10b/0x1d0
kthread+0xde/0x110
? kthread_complete_and_exit
CISA ICS
Mitsubishi Electric MELSEC WS Series (UPDATE A)
cisa_ics·2023-08-22·CVSS 7.5
[HIGH] Mitsubishi Electric MELSEC WS Series (UPDATE A)
ICS Advisory
##
Mitsubishi Electric MELSEC WS Series (UPDATE A)
Last RevisedAugust 22, 2023
Alert CodeICSA-23-138-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Mitsubishi Electric
- Equipment: WS0-GETH00200
- Vulnerabilities: Active Debug Code
## 2. UPDATE OR REPOSTED INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-23-138-02 Mitsubishi Electric MELSEC WS Series that was published May 18th, 2023, on the ICS webpage on cisa.gov/ICS.
## 3. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to bypass authentication and log in by connecting to the module via telnet to reset the module or, if certain conditions are met, either di
OSV
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
osv·2025-12-24
CVE-2023-54068 f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
BUG_ON() will be triggered when writing files concurrently,
because the same page is writtenback multiple times.
1597 void folio_end_writeback(struct folio *folio)
1598 {
......
1618 if (!__folio_end_writeback(folio))
1619 BUG();
......
1625 }
kernel BUG at mm/filemap.c:1619!
Call Trace:
f2fs_write_end_io+0x1a0/0x370
blk_update_request+0x6c/0x410
blk_mq_end_request+0x15/0x130
blk_complete_reqs+0x3c/0x50
__do_softirq+0xb8/0x29b
? sort_range+0x20/0x20
run_ksoftirqd+0x19/0x20
smpboot_thread_fn+0x10b/0x1d0
kthread+0xde/0x110
? kthread_complete_and_exit+0x2
GHSA
GHSA-37vx-v53j-77pr: Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacke
ghsa_unreviewed·2023-05-19
CVE-2023-1618 [HIGH] CWE-1188 GHSA-37vx-v53j-77pr: Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacke
Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware.
No detection rules found.
No public exploits indexed.
https://jvn.jp/vu/JVNVU96063959https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-02https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-002_en.pdfhttps://jvn.jp/vu/JVNVU96063959https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-02https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-002_en.pdf
2023-05-19
Published