CVE-2023-2060 HIGH

CVE-2023-2060: Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules

Vendor Mitsubishi Electric Corporation

Product MELSEC iQ-R Series EtherNet/IP module RJ71EIP91

Weakness CWE-521

Published June 2, 2023

Last update March 5, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing.

Key dates

02Disclosure timeline

June 2, 2023 CVE published

March 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-2060 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/521.html

Related vulnerabilities

Identifiers

CVE CVE-2023-2060

CWE CWE-521

CVSS 7.5 / HIGH

Affected versions

Vendor Mitsubishi Electric Corporation

Product MELSEC iQ-R Series EtherNet/IP module RJ71EIP91

Affected all versions

Vendor Mitsubishi Electric Corporation

Product MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP

Affected all versions

CVE-2023-2060: Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules

01Description

02Disclosure timeline

03References

04Related CVE