CVE-2023-1618 HIGH

CVE-2023-1618: Authentication Bypass Vulnerability in MELSEC WS Series Ethernet Interface Module

Vendor Mitsubishi Electric Corporation

Product MELSEC WS Series WS0-GETH00200

Weakness CWE-489

Published May 19, 2023

Last update February 12, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware.

Key dates

02Disclosure timeline

May 19, 2023 CVE published

February 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-1618 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/489.html

Related vulnerabilities

Identifiers

CVE CVE-2023-1618

CWE CWE-489

CVSS 7.5 / HIGH

Affected versions