CVE-2023-2846
published 2023-06-30CVE-2023-2846: Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated…
PriorityP267critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
1.32%
67.3th percentile
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.
Affected
150 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mr_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mr_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mr_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mt_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mt_dss | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mt_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mt_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-14mt_ess | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mr_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mr_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mr_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mt_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mt_dss | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mt_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mt_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-24mt_ess | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mr_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mr_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mr_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mt_ds | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mt_dss | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mt_es | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mt_es-a | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-40mt_ess | — | — |
| mitsubishi_electric_corporation | melsec-f_series_fx3g-60mr_ds | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit vector is network-based (AV:N), unauthenticated, low complexity — monitor for unexpected authentication or login activity to MELSEC-F Series PLCs over Ethernet (via FX3U-ENET-ADP or FX3U-ENET(-L) adapters) ↗
- →Classify as Authentication Bypass by Capture-Replay (CWE-294); detection should focus on replayed or anomalous authentication packet sequences directed at MELSEC-F Series main modules ↗
- →No known public exploits exist as of advisory publication; prioritize network-level anomaly detection and access logging on affected PLC Ethernet interfaces ↗
- ·All firmware versions of all listed MELSEC-F Series products are affected — there is no patched version boundary to filter on; treat all deployed units as vulnerable ↗
- ·Ethernet exposure is the attack surface; FX3U/FX3UC/FX3G/FX3GC/FX3GA/FX3S/FX3SA series units are only affected when paired with FX3U-ENET-ADP or FX3U-ENET(-L) adapters — confirm Ethernet adapter presence before scoping detection ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f86h-3pcp-x4mw: Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticat
ghsa_unreviewed·2023-06-30
CVE-2023-2846 [CRITICAL] CWE-294 GHSA-f86h-3pcp-x4mw: Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticat
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.
CISA ICS
Mitsubishi Electric MELSEC-F Series (Update A)
cisa_ics·2023-07-11
Mitsubishi Electric MELSEC-F Series (Update A)
ICS Advisory
##
Mitsubishi Electric MELSEC-F Series (Update A)
Last RevisedJuly 11, 2023
Alert CodeICSA-23-180-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Mitsubishi Electric
- Equipment: MELSEC-F Series
- Vulnerability: Authentication Bypass by Capture-replay
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to login to the product by sending specially crafted packets.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Mitsubishi Electric reports this vulnerability affects the following MELSEC-F Series products:
- FX3GE-xMy/z x=24,40, y=T,R, z=ES,ESS,DS,DSS: All versions
Mitsubishi Electric reports this vulnerability affects the follow
No detection rules found.
No public exploits indexed.
https://jvn.jp/vu/JVNVU94519952https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-005_en.pdfhttps://jvn.jp/vu/JVNVU94519952https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-005_en.pdf
2023-06-30
Published